Skip to main content
CVE-2022-1040 CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sophos Sfos
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.8%
CVE-2022-25577 CRITICAL POC Act Now

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Alf Banco
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-24783 CRITICAL PATCH Act Now

Deno is a runtime for JavaScript and TypeScript. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deno
NVD GitHub
CVSS 3.1
10.0
EPSS
1.1%
CVE-2022-22995 CRITICAL Act Now

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE My Cloud Pr2100 Firmware My Cloud Pr4100 Firmware My Cloud Ex4100 Firmware My Cloud Ex2 Ultra Firmware +9
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-22274 CRITICAL POC THREAT Act Now

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Stack Overflow Buffer Overflow Sonicos +1
NVD
CVSS 3.1
9.8
EPSS
57.3%
CVE-2022-27919 CRITICAL Act Now

Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-22687 CRITICAL Act Now

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology RCE Buffer Overflow Diskstation Manager Diskstation Manager Unified Controller
NVD
CVSS 3.1
9.8
EPSS
2.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy