Skip to main content
CVE-2022-30469 HIGH POC This Week

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filerun
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-27438 HIGH POC PATCH This Week

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Advanced Installer Call Flow Designer Crm Template Generator Boomtv Streamer Portal +66
NVD VulDB
CVSS 3.1
8.1
EPSS
2.4%
CVE-2022-29631 HIGH POC PATCH This Week

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jodd Http
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-32275 HIGH POC This Week

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
8.6%
CVE-2022-30860 HIGH POC THREAT This Week

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Fudforum
NVD GitHub
CVSS 3.1
7.2
EPSS
23.0%
CVE-2022-21745 HIGH This Week

In WIFI Firmware, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Use After Free Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-1680 HIGH This Week

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
15.5%
CVE-2022-31486 HIGH This Week

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-31483 HIGH This Week

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-30587 HIGH This Week

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gradle Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-22396 HIGH This Week

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-23712 HIGH PATCH This Week

A Denial of Service flaw was discovered in Elasticsearch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elastic Elasticsearch
NVD
CVSS 3.1
7.5
EPSS
7.4%
CVE-2022-21757 HIGH This Week

In WIFI Firmware, there is a possible system crash due to a missing count check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-31484 HIGH This Week

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31482 HIGH This Week

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31480 HIGH This Week

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-30586 HIGH This Week

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Gradle
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-1944 HIGH PATCH This Week

When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy