Skip to main content
CVE-2021-46009 CRITICAL POC THREAT Emergency

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.2%.

Authentication Bypass A3100R Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
15.2%
CVE-2021-46007 CRITICAL POC Act Now

totolink a3100r V5.9c.4577 is vulnerable to os command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ar3100R Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-26645 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-26646 CRITICAL POC Act Now

Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28206 CRITICAL POC PATCH Act Now

An issue was discovered in MediaWiki through 1.37.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28205 CRITICAL POC PATCH Act Now

An issue was discovered in MediaWiki through 1.37.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-46010 HIGH POC This Week

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3100R Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-46008 HIGH POC This Week

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3100R Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-25008 HIGH POC This Week

totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex300 V2 Firmware Ex1200t Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
4.3%
CVE-2022-27432 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pluck
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-46006 MEDIUM POC This Month

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3100R Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
7.2%
CVE-2022-1160 HIGH POC PATCH This Week

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-27772 HIGH POC PATCH This Week

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Spring Boot
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-1154 HIGH POC PATCH This Week

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-23868 HIGH POC This Week

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ruoyi
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-27815 HIGH POC PATCH This Week

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Swhkd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-24132 HIGH POC This Week

phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Phpshe
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-23793 HIGH POC PATCH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Joomla
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-1155 HIGH POC PATCH This Week

Old sessions are not blocked by the login enable function. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Snipe It
NVD GitHub
CVSS 3.1
7.4
EPSS
1.0%
CVE-2022-27816 HIGH POC PATCH This Week

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Swhkd
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-23869 MEDIUM POC This Month

In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ruoyi
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-26644 MEDIUM POC This Month

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Banking System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24135 MEDIUM POC This Month

QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qingscan
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24131 MEDIUM POC This Month

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Douphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-23799 CRITICAL PATCH Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-23797 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Joomla
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-23795 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28209 CRITICAL PATCH Act Now

An issue was discovered in Mediawiki through 1.37.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mediawiki
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-24693 CRITICAL Act Now

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nova436Q Firmware Neutrino 430 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-26244 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hospital S Patient Records Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1181 MEDIUM POC PATCH THREAT This Month

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
51.5%
CVE-2022-1179 MEDIUM POC PATCH THREAT This Month

Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
76.9%
CVE-2022-1178 MEDIUM POC PATCH THREAT This Month

Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
51.6%
CVE-2022-25620 CRITICAL Act Now

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sambabox
NVD
CVSS 3.1
9.0
EPSS
0.4%
CVE-2022-1172 MEDIUM POC PATCH This Month

Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
5.0
EPSS
0.7%
CVE-2022-1163 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Minewebcms
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
3.5%
CVE-2022-1177 MEDIUM POC PATCH This Month

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-22996 HIGH This Week

The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Sandisk Professional G Raid 4 8 Software Utility Sandisk Professional G Raid 4 8 Software Utility Driver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-20002 HIGH This Week

In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-0998 HIGH PATCH This Week

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Linux Linux Kernel H300s Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-24763 HIGH PATCH This Week

PJSIP is a free and open source multimedia communication library written in the C language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pjsip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-45031 HIGH This Week

A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Stawiz Usc
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2022-24790 HIGH PATCH This Week

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Puma Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-22772 HIGH This Week

The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Managed File Transfer Platform Server
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-1180 LOW POC PATCH Monitor

Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
3.5
EPSS
0.6%
CVE-2022-25598 HIGH PATCH This Week

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Dolphinscheduler
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-26948 HIGH This Week

The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-28223 HIGH This Week

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Kio Firmware Kio 1M Firmware Kio 2Mrs Firmware Kio 2M Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-25619 MEDIUM This Month

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Sambabox
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-26949 MEDIUM This Month

Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
6.5
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy