Skip to main content
CVE-2022-26189 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26188 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26187 CRITICAL POC THREAT Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
CVSS 3.1
9.8
EPSS
19.6%
CVE-2022-26186 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2022-26260 CRITICAL POC PATCH Act Now

Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Simple Plist
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-25517 CRITICAL POC Act Now

MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mybatis Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-27228 CRITICAL POC THREAT Act Now

In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Bitrix24
NVD
CVSS 3.1
9.8
EPSS
20.3%
CVE-2022-1031 HIGH POC PATCH This Week

Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Radare2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1036 HIGH POC PATCH This Week

Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-1034 HIGH POC PATCH This Week

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-25484 MEDIUM POC This Month

tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-0386 HIGH This Week

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Unified Threat Management
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-24774 HIGH PATCH This Week

CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Path Traversal Bill Of Materials Repository Server
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2022-0652 HIGH This Week

Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24764 HIGH PATCH This Week

PJSIP is a free and open source multimedia communication library written in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-0667 HIGH This Week

When the vulnerability is triggered the BIND process will exit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind H300s Firmware H500s Firmware H700s Firmware +5
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-25518 MEDIUM This Month

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cmdbuild
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-21718 MEDIUM PATCH This Month

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
5.0
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy