Skip to main content
CVE-2022-40305 CRITICAL POC Act Now

A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Canto
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25765 CRITICAL POC PATCH THREAT Act Now

The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pdfkit Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
39.4%
CVE-2022-38638 CRITICAL POC PATCH Act Now

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Casdoor
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-36376 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF WordPress Seo
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2526 CRITICAL PATCH Act Now

A use-after-free vulnerability was found in systemd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Systemd Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-36793 CRITICAL Act Now

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Wp Shop
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy