Skip to main content
CVE-2022-26138 CRITICAL POC KEV PATCH THREAT Act Now

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Atlassian Questions For Confluence
NVD
CVSS 3.1
9.8
EPSS
98.2%
CVE-2022-34045 CRITICAL POC Act Now

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn530Hg4 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-34610 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the URL /ihomers/app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34609 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /doping.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34608 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ajaxmsg parameter at /AJAX/ajaxget. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34607 CRITICAL POC THREAT Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /doping.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.3%
CVE-2022-34606 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditvsList parameter at /dotrace.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34605 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /dotrace.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34604 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /dotrace.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34603 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34602 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34601 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34600 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34599 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-24657 CRITICAL POC Act Now

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Goldshell Miner Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-2488 CRITICAL POC THREAT Act Now

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn535K2 Firmware Wl Wn535K3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
28.7%
CVE-2022-2487 CRITICAL POC THREAT Act Now

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn535K2 Firmware Wl Wn535K3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
79.5%
CVE-2022-2486 CRITICAL POC THREAT Act Now

A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn535K2 Firmware Wl Wn535K3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
26.1%
CVE-2022-34588 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-34586 HIGH POC This Week

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-2492 HIGH POC This Week

A vulnerability was found in SourceCodester Library Management System 1.0 and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2491 HIGH POC This Week

A vulnerability has been found in SourceCodester Library Management System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2490 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2489 HIGH POC This Week

A vulnerability was found in SourceCodester Simple E-Learning System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple E Learning System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-31250 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tumbleweed
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33967 HIGH POC PATCH This Week

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Buffer Overflow U Boot
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-34047 HIGH POC THREAT This Week

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wl Wn530Hg4 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
17.4%
CVE-2022-34046 HIGH POC THREAT This Week

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wn533A8 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
16.6%
CVE-2022-22209 HIGH POC This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-24660 HIGH POC This Week

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Goldshell Miner Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-24659 HIGH POC This Week

Goldshell ASIC Miners v2.2.1 and below was discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Goldshell Miner Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-34590 HIGH POC This Week

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
3.7%
CVE-2022-34042 HIGH POC This Week

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Barangay Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-22202 MEDIUM POC This Month

An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-31160 MEDIUM POC PATCH This Month

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui H300s Firmware H500s Firmware H700s Firmware +6
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2022-34048 MEDIUM POC This Month

Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wn533A8 Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.1%
CVE-2022-26136 CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS Bamboo Bitbucket +9
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-33318 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Genesis64 Mc Works64
NVD
CVSS 3.1
9.8
EPSS
45.5%
CVE-2022-2141 CRITICAL Act Now

SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2107 CRITICAL Act Now

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32456 CRITICAL Act Now

Digiwin BPM’s function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Business Process Management
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-22215 MEDIUM POC This Month

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-34049 MEDIUM POC This Month

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Wl Wn530Hg4 Firmware
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2022-33319 CRITICAL Act Now

Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Genesis64 Mc Works64
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2022-35569 MEDIUM POC This Month

Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Blogifier
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-26137 HIGH PATCH This Week

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Bamboo Bitbucket Confluence Data Center +8
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-1264 HIGH This Week

The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Ignition
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36322 HIGH This Week

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Teamcity
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-33320 HIGH This Week

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Genesis64 Mc Works64
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-33317 HIGH This Week

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Genesis64 Mc Works64
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy