Skip to main content
CVE-2022-42889 CRITICAL POC PATCH THREAT Act Now

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Code Injection Commons Text Bluexp +1
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2022-41391 CRITICAL POC Act Now

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ocomon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41390 CRITICAL POC Act Now

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ocomon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-41497 CRITICAL POC Act Now

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Clippercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41496 CRITICAL POC Act Now

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Icms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41495 CRITICAL POC Act Now

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Clippercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39303 CRITICAL PATCH Act Now

Ree6 is a moderation bot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Ree6
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3457 CRITICAL PATCH Act Now

Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-3456 CRITICAL PATCH Act Now

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-39293 CRITICAL PATCH Act Now

Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Microsoft Buffer Overflow Threadx Usbx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-24697 CRITICAL PATCH Act Now

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Kylin
NVD
CVSS 3.1
9.8
EPSS
84.8%
CVE-2022-42897 CRITICAL PATCH Act Now

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Privilege Escalation Arrayos Ag
NVD
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy