Skip to main content
CVE-2022-4314 CRITICAL POC PATCH Act Now

Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-3982 CRITICAL POC Act Now

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP WordPress Booking Calendar
NVD WPScan
CVSS 3.1
9.8
EPSS
4.5%
CVE-2022-3921 CRITICAL POC THREAT Act Now

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Listingo
NVD WPScan
CVSS 3.1
9.8
EPSS
21.2%
CVE-2022-3915 CRITICAL POC Act Now

The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Dokan
NVD WPScan
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-3900 CRITICAL POC THREAT Act Now

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP WordPress Cooked
NVD WPScan
CVSS 3.1
9.8
EPSS
19.0%
CVE-2022-37932 CRITICAL POC Act Now

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP Officeconnect 1820 J9979A Firmware Officeconnect 1820 J9982A Firmware Officeconnect 1820 J9980A Firmware +16
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-38656 CRITICAL Act Now

HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elastic Hcl Commerce
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-37897 CRITICAL Act Now

There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Sd Wan Arubaos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-3485 CRITICAL Act Now

In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Moneo Qha210 Firmware Moneo Qha200 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-46682 CRITICAL PATCH Act Now

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Plot
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy