Skip to main content
CVE-2022-1442 HIGH POC PATCH THREAT Act Now

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.9%.

WordPress Authentication Bypass PHP Information Disclosure Metform Elementor Contact Form Builder +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
74.9%
Threat
5.2
CVE-2022-1453 CRITICAL POC PATCH THREAT Act Now

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.1%.

SQLi PHP WordPress Rsvpmaker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
62.1%
Threat
5.3
CVE-2022-29399 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29398 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29397 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29396 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29395 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29394 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29393 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29392 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29391 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29329 CRITICAL POC THREAT Act Now

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dap 1330 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.3%
CVE-2022-29328 CRITICAL POC THREAT Act Now

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dap 1330 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.3%
CVE-2022-29327 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-29326 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-29325 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-29324 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-29323 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-29322 CRITICAL POC THREAT Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
16.1%
CVE-2022-29321 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-28915 CRITICAL POC Act Now

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.5%
CVE-2022-28913 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28912 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28911 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28910 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28909 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28908 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28907 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28906 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28905 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28901 CRITICAL POC Act Now

A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-28896 CRITICAL POC Act Now

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-28895 CRITICAL POC Act Now

A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-1476 MEDIUM PATCH This Month

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file,. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Epss exploitation probability 35.3%.

PHP WordPress Path Traversal All In One Wp Migration
NVD VulDB
CVSS 3.1
6.6
EPSS
35.3%
CVE-2022-30129 HIGH POC PATCH THREAT This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Visual Studio Code
NVD
CVSS 3.1
8.8
EPSS
41.7%
CVE-2022-26923 HIGH POC KEV PATCH THREAT This Week

Active Directory Domain Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 1909 +10
NVD GitHub
CVSS 3.1
8.8
EPSS
83.3%
CVE-2022-1463 HIGH POC This Week

The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP WordPress Booking Calendar
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-1397 HIGH POC PATCH This Week

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Easyappointments
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-26988 HIGH POC This Week

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption TP-Link Buffer Overflow RCE Tl Wdr7660 Firmware +5
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-26987 HIGH POC This Week

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption TP-Link Buffer Overflow RCE Tl Wdr7660 Firmware +5
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-28986 HIGH POC This Week

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 2 Factor Authentication
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.9%
CVE-2022-1629 HIGH POC PATCH This Week

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-1621 HIGH POC PATCH This Week

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-1537 HIGH POC PATCH This Week

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. Rated high severity (CVSS 7.0). Public exploit code available.

Privilege Escalation Grunt
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-28601 MEDIUM POC This Month

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass 2 Factor Authentication
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-1505 CRITICAL PATCH Act Now

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP WordPress Rsvpmaker
NVD VulDB
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-26934 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.4%.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +17
NVD VulDB
CVSS 3.1
6.5
EPSS
17.4%
CVE-2022-29130 CRITICAL PATCH Act Now

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-26937 CRITICAL PATCH Act Now

Windows Network File System Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows Server Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
9.8
EPSS
76.8%
CVE-2022-22012 CRITICAL PATCH Act Now

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
9.8
EPSS
3.9%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy