Skip to main content
CVE-2022-26138 CRITICAL POC KEV PATCH THREAT Act Now

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Atlassian Questions For Confluence
NVD
CVSS 3.1
9.8
EPSS
98.2%
CVE-2022-34045 CRITICAL POC Act Now

Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn530Hg4 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-34610 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the URL /ihomers/app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34609 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /doping.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34608 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ajaxmsg parameter at /AJAX/ajaxget. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34607 CRITICAL POC THREAT Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /doping.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.3%
CVE-2022-34606 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditvsList parameter at /dotrace.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34605 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the HOST parameter at /dotrace.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34604 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the INTF parameter at /dotrace.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34603 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34602 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34601 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34600 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34599 CRITICAL POC Act Now

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-24657 CRITICAL POC Act Now

Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Goldshell Miner Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-2488 CRITICAL POC THREAT Act Now

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn535K2 Firmware Wl Wn535K3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
28.7%
CVE-2022-2487 CRITICAL POC THREAT Act Now

A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn535K2 Firmware Wl Wn535K3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
79.5%
CVE-2022-2486 CRITICAL POC THREAT Act Now

A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn535K2 Firmware Wl Wn535K3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
26.1%
CVE-2022-26136 CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS Bamboo Bitbucket +9
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-33318 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Genesis64 Mc Works64
NVD
CVSS 3.1
9.8
EPSS
45.5%
CVE-2022-2141 CRITICAL Act Now

SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2107 CRITICAL Act Now

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32456 CRITICAL Act Now

Digiwin BPM’s function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Business Process Management
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-33319 CRITICAL Act Now

Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Genesis64 Mc Works64
NVD
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy