Skip to main content
CVE-2022-26612 CRITICAL POC PATCH Act Now

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Microsoft Hadoop
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-27022 CRITICAL POC Act Now

There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-27016 CRITICAL POC Act Now

There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-23900 CRITICAL POC Act Now

A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn531P3 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-27373 HIGH POC This Week

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Icheck Connect Bp Monitor Bp Testing 118 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-27376 HIGH POC This Week

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icheck Connect Bp Monitor Bp Testing 118 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-0935 HIGH POC PATCH This Week

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Live Helper Chat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-26627 HIGH POC This Week

Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Project Time Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-27374 HIGH POC This Week

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Icheck Connect Bp Monitor Bp Testing 118 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-27375 MEDIUM POC This Month

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Icheck Connect Bp Monitor Bp Testing 118 Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-24681 MEDIUM POC PATCH This Month

Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho XSS Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
3.6%
CVE-2022-26676 CRITICAL Act Now

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation A Hrd
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27818 CRITICAL PATCH Act Now

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Denial Of Service Information Disclosure Swhkd
NVD GitHub
CVSS 3.1
9.1
EPSS
1.7%
CVE-2022-26670 HIGH This Week

D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-25597 HIGH This Week

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-25596 HIGH This Week

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-23973 HIGH This Week

ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Rt Ax56U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-23972 HIGH This Week

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Rt Ax56U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-23971 HIGH This Week

ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Rt Ax56U Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-23970 HIGH This Week

ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Rt Ax56U Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-22515 HIGH This Week

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +14
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-22516 HIGH This Week

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Control Rte Sl Control Rte Sl For Beckhoff Cx Control Win Sl +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26675 HIGH This Week

aEnrich a+HRD has inadequate filtering for special characters in URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal A Hrd
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-22519 HIGH This Week

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +14
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-22517 HIGH This Week

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +16
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-0677 HIGH This Week

Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security Tools Gravityzone Update Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-26671 HIGH This Week

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dr Id Access Control Dr Id Attendance System
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2022-22514 HIGH This Week

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +16
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2022-25338 MEDIUM This Month

ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Owncloud Client
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-25595 MEDIUM This Month

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rt Ac86U Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-22518 MEDIUM This Month

A bug in CmpUserMgr component can lead to only partially applied security policies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +6
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-22513 MEDIUM This Month

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl +17
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-43432 MEDIUM PATCH This Month

A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xmall
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-25339 MEDIUM This Month

ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Owncloud Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-25594 MEDIUM This Month

Microprogram’s parking lot management system is vulnerable to sensitive information exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Parking Lot Management System
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-27819 MEDIUM PATCH This Month

SWHKD 1.1.5 allows unsafe parsing via the -c option. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Swhkd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy