Skip to main content
CVE-2021-43164 HIGH POC THREAT Act Now

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.9%.

RCE Command Injection Reyeeos
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
34.9%
Threat
4.3
CVE-2022-28568 CRITICAL POC Act Now

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple Doctor S Appointment System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2022-29347 CRITICAL POC Act Now

An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Web Rchiv
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-20777 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Enterprise Nfv Infrastructure Software
NVD GitHub
CVSS 3.1
9.9
EPSS
10.8%
CVE-2022-30284 CRITICAL POC PATCH Act Now

In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Libnmap
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2022-29155 CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux H300s Firmware H500s Firmware +4
NVD
CVSS 3.1
9.8
EPSS
69.9%
CVE-2022-28557 CRITICAL POC THREAT Act Now

There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
22.0%
CVE-2022-28512 CRITICAL POC Act Now

A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fantastic Blog
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28082 CRITICAL POC Act Now

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.6%
CVE-2022-28111 CRITICAL POC PATCH Act Now

MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pagehelper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-27431 CRITICAL POC Act Now

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wuzhicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-27420 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-20779 HIGH POC THREAT This Week

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Enterprise Nfv Infrastructure Software
NVD GitHub
CVSS 3.1
8.8
EPSS
10.2%
CVE-2022-28552 HIGH POC This Week

Cscms 4.1 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cscms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-28099 HIGH POC This Week

Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Poultry Farm Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-28806 HIGH POC This Week

An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310),. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Lifebook A3510 Firmware Lifebook U9310 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27470 HIGH POC PATCH This Week

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Sdl Ttf Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-30288 HIGH POC This Week

Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Agoo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-28940 HIGH POC This Week

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Magic R100 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28556 HIGH POC This Week

Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-28488 HIGH POC This Week

The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libwav
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-28487 HIGH POC PATCH This Week

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-20780 HIGH POC THREAT This Week

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Enterprise Nfv Infrastructure Software
NVD GitHub
CVSS 3.1
7.4
EPSS
10.9%
CVE-2022-28076 HIGH POC This Week

Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seacms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2022-28096 HIGH POC THREAT This Week

Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Skycaiji
NVD GitHub
CVSS 3.1
7.2
EPSS
20.1%
CVE-2022-28090 MEDIUM POC This Month

Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jspxcms
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-27461 MEDIUM POC This Month

In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Nopcommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-43163 CRITICAL Act Now

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Reyeeos
NVD VulDB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-1584 MEDIUM POC PATCH This Month

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-28508 MEDIUM POC This Month

An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mantisbt
NVD GitHub
CVSS 3.1
6.1
EPSS
5.2%
CVE-2022-1571 MEDIUM POC PATCH This Month

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Facturascripts
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1555 MEDIUM POC PATCH This Month

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-30292 CRITICAL PATCH Act Now

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Squirrel Fedora
NVD GitHub
CVSS 3.1
10.0
EPSS
3.6%
CVE-2022-28055 CRITICAL PATCH Act Now

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Fusionpbx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-43159 HIGH This Week

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Reyeeos
NVD VulDB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-43162 HIGH This Week

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Reyeeos
NVD VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-43161 HIGH This Week

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Reyeeos
NVD VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-43160 HIGH This Week

A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Reyeeos
NVD VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-27903 HIGH This Week

An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eve Ng
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-25778 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-28067 HIGH This Week

An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sandboxie
NVD GitHub
CVSS 3.1
8.6
EPSS
0.8%
CVE-2022-29950 MEDIUM POC This Month

Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hunter
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-23724 HIGH This Week

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pingid Integration For Windows Login
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-20764 HIGH This Week

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Open Redirect Information Disclosure Telepresence Collaboration Endpoint +1
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-20785 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2022-20771 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2022-20770 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2022-23443 HIGH This Week

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortisoar
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-24901 HIGH PATCH This Week

Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-20801 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv340 Firmware Rv340W Firmware Rv345 Firmware +1
NVD
CVSS 3.1
7.2
EPSS
1.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy