Skip to main content
CVE-2021-42627 CRITICAL POC THREAT Emergency

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.4%.

D-Link Information Disclosure Dir 615 Firmware Dir 615 J1 Firmware Dir 615 T1 Firmware +1
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
67.4%
Threat
5.5
CVE-2022-37113 CRITICAL POC THREAT Act Now

Bluecms 1.6 has SQL injection in line 132 of admin/area.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bluecms
NVD GitHub
CVSS 3.1
9.8
EPSS
14.4%
CVE-2022-37112 CRITICAL POC Act Now

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bluecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37111 CRITICAL POC Act Now

BlueCMS 1.6 has SQL injection in line 132 of admin/article.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bluecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37223 CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37199 CRITICAL POC Act Now

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34919 CRITICAL POC Act Now

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Contensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-36261 CRITICAL POC Act Now

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Taocms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-2946 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0246. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-42232 CRITICAL Act Now

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer A7 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-38463 MEDIUM POC This Month

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-2956 MEDIUM POC This Month

A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Noxen
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-35115 CRITICAL Act Now

IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Webclient Dc2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-35726 CRITICAL Act Now

Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Video Gallery
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-35733 CRITICAL Act Now

Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Udr Ja1004 Firmware Udr Ja1008 Firmware Udr Ja1016 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2829 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1513 HIGH This Week

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo Command Injection Pcmanager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-36394 HIGH This Week

Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Contest Gallery
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-36389 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Better Messages
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-36379 HIGH This Week

Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yukassa For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-36292 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Gallery Photoblocks
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-36288 HIGH This Week

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Download Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2796 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
1.5%
CVE-2022-2965 MEDIUM POC PATCH This Month

Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Notrinoserp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-31676 HIGH PATCH This Week

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Tools Debian Linux Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2938 HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-35278 MEDIUM PATCH This Month

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache XSS Artemis Active Iq Unified Manager Oncommand Workflow Automation
NVD VulDB
CVSS 3.1
6.1
EPSS
7.9%
CVE-2022-35203 HIGH This Week

An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tv Ip572Pi Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-28883 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Protection Atlant Cloud Protection For Salesforce Elements Collaboration Protection +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-28882 HIGH This Week

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Protection Atlant Cloud Protection For Salesforce Elements Collaboration Protection +3
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-25888 HIGH PATCH This Week

The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-25761 HIGH PATCH This Week

The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Open62541 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-25304 HIGH PATCH This Week

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Asyncua Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-25302 HIGH This Week

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Opc Ua Stack
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-25231 HIGH PATCH This Week

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Node Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-24381 HIGH This Week

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Opc Ua Stack
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-24298 HIGH This Week

All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freeopcua
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-21208 HIGH PATCH This Week

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node Opcua
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-33916 HIGH PATCH This Week

OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ua Net Standard Stack
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36285 HIGH This Week

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Uploading Svg Webp And Ico Files
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34486 HIGH PATCH This Week

Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Pukiwiki
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-35191 MEDIUM This Month

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service D-Link Dsl 3782 Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-38665 MEDIUM PATCH This Month

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Collabnet
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-38663 MEDIUM PATCH This Month

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Git
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-37428 MEDIUM This Month

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Recursor Fedora
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-34868 MEDIUM PATCH This Month

Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Privilege Escalation Yukassa For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-33142 MEDIUM PATCH This Month

Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

WordPress Denial Of Service Better Messages
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-38172 MEDIUM This Month

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29476 MEDIUM PATCH This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress Notification Bar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-27637 MEDIUM PATCH This Month

Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pukiwiki
NVD
CVSS 3.1
6.1
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy