Skip to main content
CVE-2022-27477 CRITICAL POC Act Now

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Newbee Mall
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27276 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-27275 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-27274 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-27273 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-27272 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-27271 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Python Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-27270 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2022-27269 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-27268 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-1286 CRITICAL POC PATCH Act Now

heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Heap Overflow Mruby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1276 CRITICAL POC PATCH Act Now

Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Information Disclosure Mruby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-27277 CRITICAL POC Act Now

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-27295 HIGH POC This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27294 HIGH POC This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27293 HIGH POC This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-27291 HIGH POC This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27290 HIGH POC This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27289 HIGH POC This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27288 HIGH POC This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-27287 HIGH POC This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Ax Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-27286 HIGH POC This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Ax Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-27279 HIGH POC This Week

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-1289 MEDIUM POC PATCH This Month

A denial of service vulnerability was found in tildearrow Furnace. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Furnace
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-27476 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Newbee Mall
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27131 CRITICAL Act Now

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-27129 CRITICAL Act Now

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-27128 CRITICAL Act Now

An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27126 CRITICAL Act Now

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-27961 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ofcms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-27960 MEDIUM POC This Month

Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Java Ofcms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27958 MEDIUM POC This Month

Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Febs Security
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1291 MEDIUM POC PATCH This Month

XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tableexport Jquery Plugin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1290 MEDIUM POC PATCH This Month

Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Information Disclosure Trudesk
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2022-27133 CRITICAL Act Now

zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Zbzcms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-27292 HIGH This Week

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption D-Link Buffer Overflow Dir 619 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-27127 MEDIUM This Month

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Zbzcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-27125 MEDIUM This Month

zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Zbzcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-27280 MEDIUM This Month

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Inrouter 900 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy