Skip to main content
CVE-2022-35161 CRITICAL POC Act Now

GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Generalized Electric Vehicle Reverse Engineering Tool
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35620 CRITICAL POC THREAT Act Now

D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Dir 818L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
31.3%
CVE-2022-35619 CRITICAL POC Act Now

D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Dir 818L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-34974 CRITICAL POC THREAT Act Now

D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 810L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
23.0%
CVE-2022-34937 HIGH POC This Week

Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF PHP U5Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-34928 HIGH POC This Week

JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-31197 HIGH POC PATCH This Week

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PostgreSQL SQLi Java Postgresql Jdbc Driver Debian Linux +1
NVD GitHub
CVSS 3.1
8.0
EPSS
1.7%
CVE-2022-34992 HIGH POC This Week

Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Luadec
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34927 HIGH POC PATCH This Week

MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Milkytracker
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-35506 HIGH POC This Week

TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Triplecross
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-35505 HIGH POC This Week

A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Triplecross
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-35158 HIGH POC This Week

A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tscancode
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34973 HIGH POC THREAT This Week

D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 820L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
14.8%
CVE-2022-35737 HIGH POC PATCH THREAT This Week

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sqlite Ontap Select Deploy Administration Utility Universal Forwarder
NVD
CVSS 3.1
7.5
EPSS
18.0%
CVE-2022-34969 HIGH POC This Week

PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Tidb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34968 HIGH POC This Week

An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Percona Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34967 HIGH POC This Week

The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-35866 CRITICAL Act Now

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vinchin Backup And Recovery
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-35865 CRITICAL PATCH Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

RCE Authentication Bypass Track It
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-2272 CRITICAL Act Now

This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sante Pacs Server
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-32292 CRITICAL PATCH Act Now

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Connman Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-36197 MEDIUM POC This Month

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Bigtree Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-28684 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Devexpress
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-36359 HIGH PATCH This Week

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Django Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-32293 HIGH PATCH This Week

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Connman Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2022-37396 HIGH This Week

In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Rider
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-28668 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-37394 LOW POC PATCH Monitor

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Nova
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-34871 HIGH This Week

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-27616 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Command Injection Diskstation Manager
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-35867 MEDIUM This Month

This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Xhyve
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-27551 MEDIUM This Month

HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hcl Launch
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-35864 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Track It
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-34872 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-27618 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Storage Analyzer
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-27619 MEDIUM This Month

Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Synology Note Station
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-35928 MEDIUM PATCH This Month

AES Crypt is a file encryption software for multiple platforms. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aes Crypt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-27620 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Sso Server
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-31175 MEDIUM PATCH This Month

CKEditor 5 is a JavaScript rich text editor. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Ckeditor5 Html Embed Ckeditor5 Html Support Ckeditor5 Markdown Gfm
NVD GitHub
CVSS 3.1
4.7
EPSS
0.6%
CVE-2022-27484 MEDIUM This Month

A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiadc
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-23442 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36800 MEDIUM This Month

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Jira Service Management
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-27617 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Calendar
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-27621 LOW Monitor

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Usb Copy
NVD
CVSS 3.1
3.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy