Skip to main content
CVE-2022-34635 CRITICAL POC Act Now

The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-27434 CRITICAL POC Act Now

UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Teta
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34029 CRITICAL POC Act Now

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Buffer Overflow Information Disclosure Njs
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-2437 CRITICAL PATCH Act Now

The Feed Them Social - for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Feed Them Social
NVD VulDB
CVSS 3.1
9.8
EPSS
9.1%
CVE-2022-35741 CRITICAL PATCH Act Now

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service SSRF Apache XXE Cloudstack
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2022-30623 CRITICAL Act Now

The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass P5E Gnss Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-34632 CRITICAL PATCH Act Now

Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discovered to contain insufficient cryptography via the component /rocket/RocketCore.scala. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rocket Chip Generator
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy