Skip to main content
CVE-2022-36446 CRITICAL POC PATCH THREAT Act Now

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Webmin
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
96.0%
CVE-2022-34577 CRITICAL POC Act Now

A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Wn535G3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-34907 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Filewave
NVD
CVSS 3.1
9.8
EPSS
15.8%
CVE-2022-33965 CRITICAL POC PATCH Act Now

Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Visitor Statistics
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-36450 CRITICAL POC THREAT Act Now

Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution because window.open is used without checking the URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Obsidian
NVD
CVSS 3.1
9.8
EPSS
19.6%
CVE-2022-1312 CRITICAL POC Act Now

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2022-1309 CRITICAL POC Act Now

Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2022-35131 CRITICAL POC PATCH Act Now

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Joplin
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
2.1%
CVE-2022-35869 CRITICAL Act Now

This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ignition
NVD
CVSS 3.1
9.8
EPSS
60.3%
CVE-2022-24083 CRITICAL Act Now

Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Infinity
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-35649 CRITICAL PATCH Act Now

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Fedora
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2022-2131 CRITICAL Act Now

OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Java Openkm
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36444 CRITICAL Act Now

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Unify Openscape Bcf Unify Openscape Branch Unify Openscape Session Border Controller
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-0670 CRITICAL Act Now

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ceph Ceph Storage Fedora
NVD
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy