Skip to main content
CVE-2022-28381 CRITICAL POC THREAT Emergency

Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Allmediaserver
NVD GitHub
CVSS 3.1
9.8
EPSS
68.7%
CVE-2022-28368 CRITICAL POC PATCH THREAT Act Now

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE XSS Dompdf
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
82.4%
CVE-2022-27249 HIGH POC This Week

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Reftree
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2022-28391 HIGH POC PATCH This Week

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Busybox
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2022-28376 HIGH POC This Week

Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Lvskihp Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-26233 HIGH POC THREAT This Week

Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Control Room Management Suite
NVD
CVSS 3.1
7.5
EPSS
15.0%
CVE-2022-0088 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Yourls
NVD GitHub Exploit-DB
CVSS 3.1
7.4
EPSS
2.0%
CVE-2022-1211 MEDIUM POC This Month

A vulnerability classified as critical has been found in tildearrow Furnace dev73. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Furnace
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1210 MEDIUM POC This Month

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Ontap Select Deploy Administration Utility
NVD VulDB
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-26530 CRITICAL PATCH Act Now

swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Swaylock
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2022-28379 MEDIUM POC THREAT This Month

jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nginx Nginx Proxy Manager
NVD GitHub
CVSS 3.1
4.8
EPSS
71.2%
CVE-2022-0406 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Calibre Web
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-0405 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Calibre Web
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-28390 HIGH PATCH This Week

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-28380 HIGH PATCH This Week

The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rc Httpd
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-27248 MEDIUM This Month

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Reftree
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2022-28378 MEDIUM PATCH This Month

Craft CMS before 3.7.29 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-28389 MEDIUM PATCH This Month

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +8
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-28388 MEDIUM PATCH This Month

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Fedora +8
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy