Skip to main content
CVE-2022-35143 CRITICAL POC PATCH Act Now

Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force Raneto
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-35929 CRITICAL POC PATCH Act Now

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Cosign
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-34993 CRITICAL POC Act Now

Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34970 CRITICAL POC PATCH Act Now

Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Crow
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-2656 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Multi Language Hotel Management Software
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2651 CRITICAL POC PATCH THREAT Act Now

Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Bookwyrm
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
11.8%
CVE-2022-2648 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Multi Language Hotel Management Software. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Multi Language Hotel Management Software
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2644 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Admission System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Admission System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2643 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Admission System and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Admission System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-37030 HIGH POC This Week

Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Gromox
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-35858 HIGH POC This Week

The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31793 HIGH POC THREAT This Week

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Muhttpd Nvg443 Firmware Nvg599 Firmware Nvg589 Firmware +3
NVD
CVSS 3.1
7.5
EPSS
12.0%
CVE-2022-35142 HIGH POC PATCH This Week

An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Raneto
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-34862 HIGH POC This Week

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-2653 MEDIUM POC PATCH This Month

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Planka
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2646 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Admission System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2652 MEDIUM POC PATCH This Month

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service V4L2Loopback
NVD GitHub
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-35927 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-35728 CRITICAL Act Now

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-31132 CRITICAL Act Now

Nextcloud Mail is an email application for the nextcloud personal cloud product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Nextcloud PHP Mail
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-25168 CRITICAL PATCH Act Now

Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Command Injection RCE Hadoop
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-32965 CRITICAL Act Now

OMICARD EDM has a hard-coded machine key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32964 CRITICAL Act Now

OMICARD EDM’s API function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2647 CRITICAL Act Now

A vulnerability was found in jeecg-boot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jeecg Boot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35243 CRITICAL Act Now

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-34865 CRITICAL Act Now

In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-35930 HIGH PATCH This Week

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Jwt Attack Policy Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-35144 MEDIUM POC PATCH This Month

Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Raneto
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-34158 HIGH PATCH This Week

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache CSRF Privilege Escalation Jspwiki
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-31473 HIGH This Week

In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Big Ip Access Policy Manager
NVD
CVSS 3.1
7.7
EPSS
1.8%
CVE-2022-35926 HIGH PATCH This Week

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35245 HIGH This Week

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Access Policy Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-35240 HIGH This Week

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-35236 HIGH This Week

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34844 HIGH This Week

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Elastic Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-34655 HIGH This Week

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34651 HIGH This Week

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-33203 HIGH This Week

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Ssl Orchestrator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-32455 HIGH This Week

In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-35216 HIGH This Week

OMICARD EDM’s mail image relay function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Omicard Edm
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-32963 HIGH This Week

OMICARD EDM’s mail file relay function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Omicard Edm
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-35735 HIGH This Week

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-33962 MEDIUM This Month

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-35241 MEDIUM This Month

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Denial Of Service Nginx Instance Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34851 MEDIUM This Month

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-33947 MEDIUM This Month

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Deserialization Big Ip Domain Name System
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-30535 MEDIUM This Month

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Information Disclosure Nginx Ingress Controller
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-28731 MEDIUM PATCH This Month

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache CSRF Jspwiki
NVD
CVSS 3.1
6.5
EPSS
56.3%
CVE-2022-2645 MEDIUM This Month

A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Garage Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-28732 MEDIUM PATCH This Month

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Jspwiki
NVD
CVSS 3.1
6.1
EPSS
81.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy