Skip to main content
CVE-2022-23375 HIGH POC THREAT This Week

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Wikidocs
NVD GitHub
CVSS 3.1
8.8
EPSS
19.9%
CVE-2022-0409 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-0630 HIGH POC PATCH This Week

Out-of-bounds Read in Homebrew mruby prior to 3.2. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Mruby
NVD GitHub
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-46700 MEDIUM POC This Month

In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-0690 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-0678 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-25137 CRITICAL Act Now

A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection T6 Firmware T10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-25136 CRITICAL Act Now

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection T6 Firmware T10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-25135 CRITICAL Act Now

A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-25134 CRITICAL Act Now

A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-25133 CRITICAL Act Now

A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-25132 CRITICAL Act Now

A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection T6 Firmware T10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-25131 CRITICAL Act Now

A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection T6 Firmware T10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-25130 CRITICAL Act Now

A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection T6 Firmware T10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-0632 MEDIUM POC PATCH This Month

NULL Pointer Dereference in Homebrew mruby prior to 3.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Mruby
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-0689 MEDIUM POC PATCH This Month

Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-25366 HIGH This Week

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Apple Cryptomator
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-25365 HIGH PATCH This Week

Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Docker
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-24980 HIGH PATCH This Week

An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Kitodo Presentation
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-23376 MEDIUM This Month

WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wikidocs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-25256 MEDIUM This Month

SAS Web Report Studio 4.4 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Report Studio
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-24979 MEDIUM PATCH This Month

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Varnishcache
NVD
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy