Skip to main content
CVE-2022-40434 CRITICAL POC Act Now

Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Softr
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-44109 CRITICAL POC Act Now

pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Pdftojson
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44108 CRITICAL POC Act Now

pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Pdftojson
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-4063 CRITICAL POC Act Now

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Inpost Gallery
NVD WPScan
CVSS 3.1
9.8
EPSS
9.5%
CVE-2022-4050 CRITICAL POC Act Now

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Joomsport
NVD WPScan
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-44940 CRITICAL POC PATCH Act Now

Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Patchelf
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-28173 CRITICAL PATCH Act Now

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hikvision Authentication Bypass Ds 3Wf0Ac 2Nt Firmware Ds 3Wf01C 2N O Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-4427 CRITICAL Act Now

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Otrs
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44456 CRITICAL PATCH Act Now

CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Conprosys Hmi System
NVD
CVSS 3.1
9.8
EPSS
69.9%
CVE-2022-38708 CRITICAL PATCH Act Now

IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery Attack (SSRF) attack by constructing URLs from user-controlled data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF IBM Cognos Analytics
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy