Skip to main content
CVE-2022-27172 HIGH POC This Week

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-26782 HIGH POC This Week

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-26781 HIGH POC This Week

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-26780 HIGH POC This Week

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-26518 HIGH POC This Week

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2022-26420 HIGH POC This Week

An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2022-26085 HIGH POC THREAT This Week

An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
12.5%
CVE-2022-26075 HIGH POC This Week

An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2022-26042 HIGH POC This Week

An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2022-25995 HIGH POC This Week

A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ir302 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-21182 HIGH POC This Week

A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Inrouter302 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-21809 HIGH POC This Week

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Inrouter302 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-30594 HIGH POC PATCH This Week

The Linux kernel before 5.17.2 mishandles seccomp permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Debian Linux Solidfire Enterprise Sds Hci Storage Node +10
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-29298 HIGH POC THREAT This Week

SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sv Cpt Mc310 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
45.3%
CVE-2022-1699 HIGH POC PATCH This Week

Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Organizr
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-1698 HIGH POC PATCH This Week

Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Organizr
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-29885 HIGH POC PATCH THREAT This Week

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apache Tomcat Debian Linux Hospitality Cruise Shipboard Property Management System
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
73.1%
CVE-2022-26007 HIGH POC This Week

An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ir302 Firmware
NVD
CVSS 3.1
7.2
EPSS
5.4%
CVE-2022-26002 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Ir302 Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2022-30002 HIGH POC This Week

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editNominee.php?nominee_id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Insurance Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-1681 HIGH POC PATCH This Week

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Wiki Js
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2022-29368 HIGH POC PATCH This Week

Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Moddable
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2022-23139 HIGH This Week

ZTE's ZXMP M721 product has a permission and access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxmp M721 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-22798 HIGH This Week

Sysaid - Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sysaid
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-28872 HIGH This Week

A vulnerability affecting F-Secure SAFE browser was discovered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safe
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-23742 HIGH This Week

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Checkpoint Endpoint Security
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-28819 HIGH This Week

Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Character Animator
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2022-21128 HIGH This Week

Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Advisor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-29369 HIGH PATCH This Week

Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30279 HIGH This Week

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-22139 HIGH PATCH This Week

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Extreme Tuning Utility
NVD
CVSS 3.1
7.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy