Skip to main content
CVE-2022-36262 CRITICAL POC Act Now

An issue was discovered in taocms 3.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Taocms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-36010 CRITICAL POC PATCH Act Now

This library allows strings to be parsed as functions and stored as a specialized component,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mozilla Code Injection React Editable Json Tree
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-34294 CRITICAL POC Act Now

totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Totd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-38221 CRITICAL POC Act Now

A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Buffer Overflow The Isle Evrima
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-2812 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Guest Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Guest Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2314 CRITICAL POC THREAT Act Now

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Command Injection Vr Calendar
NVD WPScan
CVSS 3.1
9.8
EPSS
12.4%
CVE-2022-2180 CRITICAL POC Act Now

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload RCE CSRF PHP +1
NVD WPScan
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-35978 CRITICAL PATCH Act Now

Minetest is a free open-source voxel game engine with easy modding and game creation. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Minetest
NVD GitHub
CVSS 3.1
10.0
EPSS
2.2%
CVE-2022-36525 CRITICAL Act Now

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Buffer Overflow Go Rt Ac750 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-36523 CRITICAL Act Now

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link PHP Command Injection Go Rt Ac750 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy