Skip to main content
CVE-2022-24562 CRITICAL POC THREAT Emergency

In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.9%.

RCE Authentication Bypass Iotransfer
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
53.9%
Threat
5.1
CVE-2022-30023 HIGH POC THREAT Act Now

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%.

Tenda Command Injection Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
43.6%
Threat
4.6
CVE-2022-31384 CRITICAL POC Act Now

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Directory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-31383 CRITICAL POC Act Now

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Directory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-31382 CRITICAL POC Act Now

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Directory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-2098 CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Brute Force Information Disclosure Titra
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-26173 HIGH POC This Week

JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jforum
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-31849 HIGH POC This Week

MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mipc451 4 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-31277 HIGH POC This Week

Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xiaomi Lamp 1 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-31626 HIGH POC THREAT This Week

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Buffer Overflow Debian Linux
NVD
CVSS 3.1
8.8
EPSS
58.4%
CVE-2022-31625 HIGH POC This Week

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Denial Of Service PostgreSQL Debian Linux
NVD
CVSS 3.1
8.1
EPSS
3.4%
CVE-2022-31464 HIGH POC This Week

Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Protect
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31295 HIGH POC This Week

An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Discussion Forum Site
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-31912 HIGH POC This Week

Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tutor Portal Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-31911 HIGH POC This Week

Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-31908 HIGH POC This Week

Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Registration And Fee Payment System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30327 MEDIUM POC This Month

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tew 831Dr Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-31294 MEDIUM POC This Month

An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Online Discussion Forum Site
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31299 MEDIUM POC This Month

Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Haraj
NVD GitHub
CVSS 3.1
6.1
EPSS
4.7%
CVE-2022-30329 CRITICAL Act Now

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tew 831Dr Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-33754 CRITICAL Act Now

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ca Automic Automation
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-33752 CRITICAL Act Now

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ca Automic Automation
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-33750 CRITICAL Act Now

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ca Automic Automation
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-2085 MEDIUM POC PATCH This Month

A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Ghostscript Fedora
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2022-31914 MEDIUM POC This Month

Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zoo Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30325 HIGH This Week

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Tew 831Dr Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-33753 HIGH This Week

CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ca Automic Automation
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-30670 HIGH This Week

RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Robohelp Server
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-31913 MEDIUM POC This Month

Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Discussion Forum Site
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-31910 MEDIUM POC This Month

Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Tutor Portal Site
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-31906 MEDIUM POC This Month

Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Fire Reporting System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-27511 HIGH This Week

Corruption of the system by a remote, unauthenticated user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Application Delivery Management
NVD
CVSS 3.1
8.1
EPSS
12.3%
CVE-2022-32547 HIGH PATCH This Week

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-32546 HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-32545 HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-30664 HIGH This Week

Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Animate
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-30657 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Incopy
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2022-30656 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Incopy
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-30655 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Adobe Incopy
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2022-30654 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Heap Overflow Incopy
NVD
CVSS 3.0
7.8
EPSS
5.9%
CVE-2022-30653 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Incopy
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2022-30652 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Incopy
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2022-30651 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Incopy
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2022-30650 HIGH This Week

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Heap Overflow Incopy
NVD
CVSS 3.0
7.8
EPSS
5.9%
CVE-2022-30665 HIGH This Week

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Indesign
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2022-30663 HIGH This Week

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Indesign
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2022-30662 HIGH This Week

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Indesign
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2022-30661 HIGH This Week

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Buffer Overflow Heap Overflow Indesign
NVD
CVSS 3.0
7.8
EPSS
5.9%
CVE-2022-30660 HIGH This Week

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Indesign
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2022-30659 HIGH This Week

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Buffer Overflow Indesign
NVD
CVSS 3.1
7.8
EPSS
1.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy