Skip to main content
CVE-2022-3362 CRITICAL POC PATCH Act Now

Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-37109 CRITICAL POC PATCH THREAT Act Now

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Camp
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
49.2%
CVE-2022-3993 CRITICAL POC PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kavita
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-3574 CRITICAL POC Act Now

The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Wpforms Pro
NVD WPScan
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-3477 CRITICAL POC Act Now

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Newsmag Newspaper Tagdiv Composer
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-43294 CRITICAL PATCH Act Now

Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Tasmota
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-24937 CRITICAL Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emberznet
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45136 CRITICAL Act Now

Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Jena Sdb
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-45378 CRITICAL Act Now

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Authentication Bypass Soap
NVD
CVSS 3.1
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy