Skip to main content
CVE-2022-25061 CRITICAL POC THREAT Emergency

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

TP-Link Command Injection Tl Wr840N Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
72.5%
Threat
5.6
CVE-2022-25060 CRITICAL POC THREAT Emergency

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%.

Command Injection TP-Link Tl Wr840N Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
52.4%
Threat
5.0
CVE-2022-25064 CRITICAL POC THREAT Emergency

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.8%.

Command Injection TP-Link RCE Tl Wr840N Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
39.8%
Threat
4.7
CVE-2021-42952 CRITICAL Act Now

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zepl
NVD VulDB
CVSS 3.1
9.9
EPSS
1.7%
CVE-2022-25263 CRITICAL Act Now

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-25262 CRITICAL Act Now

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-24442 CRITICAL Act Now

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Youtrack
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-21798 CRITICAL Act Now

The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cimplicity
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-24340 CRITICAL Act Now

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-24331 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25260 CRITICAL Act Now

JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Hub
NVD
CVSS 3.1
9.1
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy