Skip to main content
CVE-2022-46161 CRITICAL POC Act Now

pdfmake is an open source client/server side PDF printing in pure JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Pdfmake
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-25912 CRITICAL POC PATCH Act Now

The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Simple Git
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-24439 CRITICAL POC PATCH Act Now

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gitpython Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2022-40918 CRITICAL POC Act Now

Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Discovery Wifi U818A Hd Fpv Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-44900 CRITICAL POC PATCH Act Now

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Py7Zr
NVD GitHub
CVSS 3.1
9.1
EPSS
2.2%
CVE-2022-42699 CRITICAL Act Now

Auth. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Easy Wp Smtp
NVD
CVSS 3.1
9.1
EPSS
7.3%
CVE-2022-45359 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Yith Woocommerce Gift Cards
NVD
CVSS 3.1
9.8
EPSS
13.5%
CVE-2022-35843 CRITICAL PATCH Act Now

An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Fortinet Authentication Bypass Fortiproxy Fortios
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-46383 CRITICAL Act Now

RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Digital Rebar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-46332 CRITICAL Act Now

The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Protection
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2022-41559 CRITICAL Act Now

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Nimbus
NVD
CVSS 3.1
9.3
EPSS
0.7%
CVE-2022-41910 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-41902 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-38337 CRITICAL PATCH Act Now

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Denial Of Service Mobaxterm
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy