Skip to main content
CVE-2022-31137 CRITICAL POC PATCH THREAT Act Now

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Apache Command Injection Nginx Roxy Wi
NVD GitHub
CVSS 3.1
9.8
EPSS
90.4%
CVE-2022-35411 CRITICAL POC PATCH THREAT Act Now

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Rpc Py
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
45.9%
CVE-2022-34914 CRITICAL Act Now

Webswing before 22.1.3 allows X-Forwarded-For header injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Webswing
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28623 CRITICAL Act Now

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP SQLi Red Hat Icewall Sso Certd
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-1245 CRITICAL PATCH Act Now

A privilege escalation flaw was found in the token exchange feature of keycloak. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Microsoft Keycloak
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy