Skip to main content
CVE-2022-45063 CRITICAL POC PATCH THREAT Act Now

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.4%.

Command Injection RCE
NVD
CVSS 3.1
9.8
EPSS
22.4%
Threat
4.1
CVE-2022-44088 CRITICAL POC THREAT Emergency

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.6%.

RCE Code Injection Espcms
NVD VulDB
CVSS 3.1
9.8
EPSS
21.6%
Threat
4.1
CVE-2022-44089 CRITICAL POC Act Now

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Espcms
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-44087 CRITICAL POC Act Now

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Espcms
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-43074 CRITICAL POC Act Now

AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Ayacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-44727 CRITICAL POC Act Now

The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Eu Cookie Law Gdpr
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2022-40981 CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Remote Access Server Firmware
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2022-3703 CRITICAL PATCH Act Now

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Remote Access Server Firmware
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2022-39395 CRITICAL PATCH Act Now

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Server Ui Worker
NVD GitHub
CVSS 3.1
9.9
EPSS
1.1%
CVE-2022-41878 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Parse Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41879 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Prototype Pollution Parse Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39394 CRITICAL PATCH Act Now

Wasmtime is a standalone runtime for WebAssembly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Wasmtime
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-39036 CRITICAL Act Now

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Agentflow
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38119 CRITICAL Act Now

UPSMON Pro login function has insufficient authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Upsmon Pro
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-39396 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE Prototype Pollution Parse Server
NVD GitHub
CVSS 3.1
9.8
EPSS
38.7%
CVE-2022-3726 CRITICAL Act Now

Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
9.0
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy