Skip to main content
CVE-2022-25061 CRITICAL POC THREAT Emergency

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

TP-Link Command Injection Tl Wr840N Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
72.5%
Threat
5.6
CVE-2022-25060 CRITICAL POC THREAT Emergency

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.

Command Injection TP-Link Tl Wr840N Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
52.4%
Threat
5.0
CVE-2022-25064 CRITICAL POC THREAT Emergency

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.8%.

Command Injection TP-Link RCE Tl Wr840N Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
39.8%
Threat
4.7
CVE-2022-24288 HIGH POC PATCH THREAT This Week

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection Airflow
NVD
CVSS 3.1
8.8
EPSS
77.9%
CVE-2022-23835 HIGH POC This Week

The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Visual Voice Mail
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-42952 CRITICAL Act Now

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zepl
NVD VulDB
CVSS 3.1
9.9
EPSS
1.7%
CVE-2022-25263 CRITICAL Act Now

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-25262 CRITICAL Act Now

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-24442 CRITICAL Act Now

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Youtrack
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-21798 CRITICAL Act Now

The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cimplicity
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-24340 CRITICAL Act Now

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-24331 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24612 MEDIUM POC This Month

An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyesofnetwork
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24594 MEDIUM POC PATCH This Month

In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Waline
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-25260 CRITICAL Act Now

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Hub
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2022-24342 HIGH This Week

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teamcity
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-24947 HIGH PATCH This Week

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache CSRF Jspwiki
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-25062 HIGH This Week

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Integer Overflow Denial Of Service Tl Wr840N Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
4.5%
CVE-2022-0746 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-24335 HIGH This Week

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-25170 HIGH This Week

The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-23985 HIGH This Week

The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-23921 HIGH This Week

Exploitation of this vulnerability may result in local privilege escalation and code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Proficy Cimplicitiy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-21209 HIGH This Week

The affected product is vulnerable to an out-of-bounds read while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-24346 HIGH This Week

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24345 HIGH This Week

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-25264 HIGH This Week

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-0615 HIGH This Week

Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Eset Information Disclosure Endpoint Antivirus +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-24341 HIGH This Week

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-24327 HIGH This Week

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-25374 HIGH This Week

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Terraform Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-25328 HIGH PATCH This Week

The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Fscrypt
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-24337 MEDIUM This Month

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-24333 MEDIUM This Month

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-24328 MEDIUM This Month

In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-37504 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jquery Upload File
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-25261 MEDIUM This Month

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-25259 MEDIUM This Month

JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hub
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24338 MEDIUM This Month

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24330 MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24948 MEDIUM PATCH This Month

A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Jspwiki
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-25327 MEDIUM PATCH This Month

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Authentication Bypass Fscrypt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-25326 MEDIUM PATCH This Month

fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Fscrypt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-0247 MEDIUM PATCH This Month

An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Fuchsia
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-24710 MEDIUM PATCH This Month

Weblate is a copyleft software web-based continuous localization system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Weblate
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-24347 MEDIUM This Month

JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS via a project icon. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24344 MEDIUM This Month

JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24339 MEDIUM This Month

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-24336 MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-24334 MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy