Skip to main content
CVE-2022-3878 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Maxon ERP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Maxon
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3481 CRITICAL POC Act Now

The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Woocommerce Dropshipping
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-3463 CRITICAL POC Act Now

The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Contact Form
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44797 CRITICAL POC PATCH Act Now

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Btcd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44054 CRITICAL Act Now

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44053 CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44052 CRITICAL Act Now

The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Dates
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44051 CRITICAL Act Now

The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Stats
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44050 CRITICAL Act Now

The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44049 CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44048 CRITICAL Act Now

The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43305 CRITICAL Act Now

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43304 CRITICAL Act Now

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Timer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-43303 CRITICAL Act Now

The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python RCE File Upload D8S Strings
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-42920 CRITICAL PATCH Act Now

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apache Buffer Overflow Commons Bcel Fedora
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-44796 CRITICAL Act Now

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ootbi
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-37865 CRITICAL PATCH Act Now

With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apache Ivy
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2022-42905 CRITICAL Act Now

In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Wolfssl
NVD GitHub
CVSS 3.1
9.1
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy