Skip to main content
CVE-2022-0543 CRITICAL POC KEV PATCH THREAT Act Now

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Authentication Bypass RCE Debian
NVD
CVSS 3.1
10.0
EPSS
99.7%
CVE-2022-0664 CRITICAL POC PATCH Act Now

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Netmaker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-25322 CRITICAL POC Act Now

ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Web Server
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2022-0631 CRITICAL POC PATCH Act Now

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Mruby
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-25315 CRITICAL POC PATCH Act Now

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libexpat Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-22922 CRITICAL POC Act Now

TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Wa850Re Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-24049 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow S1 S2
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2022-24047 CRITICAL Act Now

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Track It
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-25337 CRITICAL PATCH Act Now

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ez Platform Kernel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-21215 CRITICAL Act Now

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-21196 CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mimosa Management Platform C6X Firmware C5X Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-21143 CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21141 CRITICAL Act Now

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mimosa Management Platform C6X Firmware C5X Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-0671 CRITICAL PATCH Act Now

A flaw was found in vscode-xml in versions prior to 0.19.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Vscode Xml
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy