Skip to main content
CVE-2022-39353 CRITICAL POC PATCH Act Now

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xmldom Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-24936 CRITICAL POC Act Now

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gecko Bootloader
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-3575 CRITICAL Act Now

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Frauscher Diagnostic System 102
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3827 CRITICAL PATCH Act Now

A vulnerability was found in centreon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Centreon
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39379 CRITICAL PATCH Act Now

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Fluentd Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
44.7%
CVE-2022-38381 CRITICAL Act Now

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SQLi Fortiadc
NVD
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy