Skip to main content
CVE-2022-40357 CRITICAL POC Act Now

A security issue was discovered in Z-BlogPHP <= 1.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Z Blogphp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40009 CRITICAL POC Act Now

SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Swftools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40008 CRITICAL POC Act Now

SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-41138 CRITICAL POC PATCH Act Now

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Zutty
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-38916 CRITICAL POC THREAT Act Now

A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pagekit
NVD GitHub
CVSS 3.1
9.8
EPSS
17.6%
CVE-2022-37204 CRITICAL POC Act Now

Final CMS 5.1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-32882 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-32863 CRITICAL Act Now

A memory corruption issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +1
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-32788 CRITICAL Act Now

A buffer overflow was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Ipados Iphone Os +3
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-37265 CRITICAL PATCH Act Now

Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure Prototype Pollution Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-39956 CRITICAL PATCH Act Now

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-39955 CRITICAL PATCH Act Now

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-2177 CRITICAL Act Now

Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kayrasoft
NVD
CVSS 3.1
9.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy