Skip to main content
CVE-2022-30105 CRITICAL POC Act Now

In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N300 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-1795 CRITICAL POC PATCH Act Now

Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Gpac
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29645 CRITICAL POC Act Now

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3100R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-29644 CRITICAL POC Act Now

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3100R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28956 CRITICAL POC THREAT Act Now

An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP D-Link Information Disclosure Dir 816L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
22.4%
CVE-2022-23067 HIGH POC PATCH This Week

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tooljet
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-1727 HIGH POC PATCH This Week

Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Drawio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-29639 HIGH POC This Week

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection A3100R Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-30065 HIGH POC This Week

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption RCE Busybox +6
NVD VulDB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-29641 HIGH POC This Week

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption A3100R Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-30033 HIGH POC This Week

Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Tx9 Pro Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28917 HIGH POC This Week

Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
9.3%
CVE-2022-1767 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Drawio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-1430 HIGH POC PATCH This Week

Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Octoprint
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-29643 HIGH POC This Week

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow A3100R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29642 HIGH POC This Week

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow A3100R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29640 HIGH POC This Week

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow A3100R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-29638 HIGH POC This Week

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow A3100R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28955 HIGH POC THREAT This Week

An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass D-Link Dir 816L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
38.3%
CVE-2022-30976 HIGH POC This Week

GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-1734 HIGH POC PATCH This Week

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware. Rated high severity (CVSS 7.0). Public exploit code available.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +9
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2022-30111 MEDIUM POC This Month

Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mck Smartlock
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-28921 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Blogengine Net
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-28924 MEDIUM POC This Month

An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Universis Students
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-1432 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS Octoprint
NVD GitHub
CVSS 3.1
6.4
EPSS
1.2%
CVE-2022-1774 MEDIUM POC PATCH This Month

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-1782 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Para
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30600 CRITICAL PATCH Act Now

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2022-30599 CRITICAL PATCH Act Now

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-29516 CRITICAL Act Now

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ipcom Ex2 Nw 1100 Firmware Ipcom Ex2 Nw 3500 Firmware Ipcom Ex2 Nw 3200 Firmware Ipcom Ex2 Sc 1100 Firmware +42
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-1771 MEDIUM POC PATCH This Month

Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vim
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-30975 MEDIUM POC This Month

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mujs Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-30974 MEDIUM POC This Month

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mujs Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-23068 MEDIUM POC PATCH This Month

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Tooljet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-29646 MEDIUM POC This Month

An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3100R Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-22785 CRITICAL Act Now

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Apple Information Disclosure Meetings
NVD
CVSS 3.1
9.1
EPSS
3.7%
CVE-2022-22778 HIGH This Week

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Businessconnect Trading Community Management
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-22786 HIGH This Week

The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meetings Rooms
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-27632 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Watch Boot Nino Rpc M2C Firmware Watch Boot Light Rpc M5C Firmware Watch Boot L Zero Rpc M4L Firmware Watch Boot Mini Rpc M4H Firmware +11
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-25161 HIGH This Week

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq Fx5U 32Mt Es Firmware Melsec Iq Fx5U 32Mt Ds Firmware Melsec Iq Fx5U 32Mt Ess Firmware Melsec Iq Fx5U 32Mt Dss Firmware +69
NVD
CVSS 3.1
8.6
EPSS
3.9%
CVE-2022-22784 HIGH This Week

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Microsoft Apple Information Disclosure Meetings
NVD
CVSS 3.1
8.1
EPSS
4.3%
CVE-2022-30138 HIGH PATCH This Week

Windows Print Spooler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-0883 HIGH This Week

SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Snow License Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30994 HIGH PATCH This Week

Cleartext transmission of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-30993 HIGH PATCH This Week

Cleartext transmission of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-30990 HIGH PATCH This Week

Sensitive information disclosure due to insecure folder permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cyber Protect Agent
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-22787 HIGH This Week

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Google Microsoft Apple Information Disclosure Meetings
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2022-29229 HIGH PATCH This Week

CaSS is a Competency and Skills System. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Information Disclosure Competency And Skills System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2022-29445 HIGH This Week

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Popup Box
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-29518 HIGH This Week

Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W),. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Remote Gc Screen Creator Advance 2 Gc A22W Cw Firmware Gc A24 Firmware +6
NVD
CVSS 3.1
7.0
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy