Skip to main content
CVE-2022-31874 CRITICAL POC THREAT Act Now

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rt N53 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.1%
CVE-2022-31941 CRITICAL POC Act Now

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rescue Dispatch Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-29496 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Blynk Library
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-21806 CRITICAL POC Act Now

A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Eufy Homebase 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-30422 CRITICAL POC Act Now

Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Planet Time Enterprise
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-31357 CRITICAL POC Act Now

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31356 CRITICAL POC Act Now

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31355 CRITICAL POC Act Now

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2112 HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Inventree
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-2111 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Inventree
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-25871 HIGH POC This Week

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Querymen
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-25856 HIGH POC PATCH This Week

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Argo Events
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25852 HIGH POC PATCH This Week

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Node.js Libpq Pg Native
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-25345 HIGH POC PATCH This Week

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-22138 HIGH POC This Week

All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fast String Search
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-21213 HIGH POC PATCH This Week

This affects all versions of package mout. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Mout
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-32276 HIGH POC This Week

Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Grafana
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2022-31875 MEDIUM POC This Month

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tv Ip110Wn Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-31873 MEDIUM POC This Month

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tv Ip110Wn Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-32444 MEDIUM POC This Month

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect U5Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-32442 MEDIUM POC This Month

u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS U5Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-45024 CRITICAL Act Now

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Ags Zena
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-22485 CRITICAL PATCH Act Now

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Spectrum Protect Operations Center
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-31784 CRITICAL Act Now

A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Mivoice Business Mivoice Business Express
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31296 CRITICAL Act Now

Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Discussion Forum
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-2113 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Inventree
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-31876 MEDIUM POC This Month

netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Netgear Information Disclosure Wnap320 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-25872 MEDIUM POC This Month

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Fast String Search
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-33912 HIGH This Week

A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Debian Checkmk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-45025 HIGH This Week

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ags Zena
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31083 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Node.js Apple Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-33915 HIGH This Week

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Race Condition Apache Java Hotpatch
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-30607 MEDIUM PATCH This Month

IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-45026 MEDIUM This Month

ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ags Zena
NVD VulDB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-21184 MEDIUM This Month

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Atvise
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-31246 MEDIUM This Month

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Electrum
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-21503 MEDIUM This Month

Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Cloud Infrastructure
NVD
CVSS 3.1
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy