Skip to main content
CVE-2022-30105 CRITICAL POC Act Now

In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N300 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-1795 CRITICAL POC PATCH Act Now

Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Gpac
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29645 CRITICAL POC Act Now

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3100R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-29644 CRITICAL POC Act Now

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3100R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-28956 CRITICAL POC THREAT Act Now

An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP D-Link Information Disclosure Dir 816L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
22.4%
CVE-2022-30600 CRITICAL PATCH Act Now

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2022-30599 CRITICAL PATCH Act Now

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-29516 CRITICAL Act Now

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ipcom Ex2 Nw 1100 Firmware Ipcom Ex2 Nw 3500 Firmware Ipcom Ex2 Nw 3200 Firmware Ipcom Ex2 Sc 1100 Firmware +42
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-22785 CRITICAL Act Now

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Apple Information Disclosure Meetings
NVD
CVSS 3.1
9.1
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy