Skip to main content
CVE-2022-1388 CRITICAL POC KEV THREAT Emergency

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2022-27411 CRITICAL POC Act Now

TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-27360 CRITICAL POC Act Now

SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-28584 CRITICAL POC Act Now

It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28583 CRITICAL POC Act Now

It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28582 CRITICAL POC Act Now

It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28581 CRITICAL POC Act Now

It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28580 CRITICAL POC Act Now

It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28579 CRITICAL POC Act Now

It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28578 CRITICAL POC Act Now

It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28577 CRITICAL POC Act Now

It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-28575 CRITICAL POC Act Now

It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-29592 CRITICAL POC THREAT Act Now

Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Tx9 Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.6%
CVE-2022-28533 CRITICAL POC Act Now

Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Medical Hub Directory Site
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28530 CRITICAL POC Act Now

Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Covid 19 Directory On Vaccination System
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28461 CRITICAL POC Act Now

mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mingyuefusu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-1575 CRITICAL POC PATCH Act Now

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection XSS Drawio
NVD GitHub
CVSS 3.1
9.6
EPSS
2.3%
CVE-2022-25989 HIGH POC This Week

An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eufy Homebase 2 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-28080 HIGH POC THREAT This Week

Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Event Management System
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
57.3%
CVE-2022-28079 HIGH POC THREAT This Week

College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi College Management System
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
28.8%
CVE-2022-29938 HIGH POC This Week

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Librehealth Ehr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-1592 HIGH POC PATCH This Week

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Scout
NVD GitHub
CVSS 3.1
8.2
EPSS
1.1%
CVE-2022-29340 HIGH POC PATCH This Week

GPAC 2.1-DEV-rev87-g053aae8-master. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29339 HIGH POC PATCH This Week

In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28462 HIGH POC This Week

novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Novel Plus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-27337 MEDIUM POC This Month

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-26073 MEDIUM POC This Month

A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Eufy Homebase 2 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-28471 MEDIUM POC This Month

In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ffjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1411 MEDIUM POC PATCH This Month

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29535 CRITICAL PATCH Act Now

Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho SQLi Manageengine Opmanager
NVD
CVSS 3.1
9.8
EPSS
93.4%
CVE-2022-29502 CRITICAL PATCH Act Now

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Slurm Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-28606 CRITICAL Act Now

An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Bosscms
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-28120 CRITICAL Act Now

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Open Virtual Simulation Experiment Teaching Management Platform
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-27588 CRITICAL Act Now

We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qvr
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-28890 CRITICAL PATCH Act Now

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved.4.0 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Jena
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-27359 MEDIUM POC This Month

Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Pdf Editor Pdf Reader
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-1464 MEDIUM POC PATCH This Month

Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Gogs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-29940 MEDIUM POC This Month

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\orders\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29939 MEDIUM POC This Month

In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\billing\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-1590 MEDIUM POC This Month

A vulnerability was found in Bludit 3.13.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-26415 CRITICAL Act Now

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2021-45783 MEDIUM POC This Month

Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Notea Firmware
NVD GitHub Exploit-DB VulDB
CVSS 3.1
4.6
EPSS
1.9%
CVE-2022-29173 HIGH PATCH This Week

go-tuf is a Go implementation of The Update Framework (TUF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Tuf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-29166 HIGH PATCH This Week

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Matrix Irc Bridge
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-29501 HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Slurm Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-29500 HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Slurm Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-28716 HIGH This Week

On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Advanced Firewall Manager Big Ip Carrier Grade Nat Big Ip Policy Enforcement Manager
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-29263 HIGH This Week

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Policy Manager Clients Big Ip Access Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-28714 HIGH This Week

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-29167 HIGH PATCH This Week

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Hawk
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy