Skip to main content
CVE-2021-41556 CRITICAL POC PATCH Act Now

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Information Disclosure Squirrel Fedora
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
2.4%
CVE-2022-34558 CRITICAL POC PATCH Act Now

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Global Workqueue Reqmgr2 Reqmon Wmagent
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34555 CRITICAL POC THREAT Act Now

TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE TP-Link Tl R473G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
20.5%
CVE-2022-2564 CRITICAL POC PATCH THREAT Act Now

Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Mongoose
NVD GitHub
CVSS 3.1
9.8
EPSS
32.7%
CVE-2022-31627 CRITICAL POC Act Now

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-30315 CRITICAL Act Now

Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Honeywell Denial Of Service Safety Manager Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-27612 CRITICAL Act Now

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology Buffer Overflow Audio Station
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-22683 CRITICAL Act Now

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Synology Buffer Overflow Media Server
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-36986 CRITICAL PATCH Act Now

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Flex Appliance Flex Scale Netbackup Netbackup Appliance
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2010 CRITICAL Act Now

Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
9.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy