Skip to main content
CVE-2022-1043 HIGH POC PATCH Act Now

A flaw was found in the Linux kernel’s io_uring implementation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2022-32993 CRITICAL POC Act Now

TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A7000r Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36553 CRITICAL POC THREAT Act Now

Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Hwl 2511 Ss Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
90.8%
CVE-2022-32548 CRITICAL POC THREAT Act Now

An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vigor3910 Firmware Vigor1000B Firmware Vigor2962 Firmware Vigor2962P Firmware +64
NVD
CVSS 3.1
9.8
EPSS
33.8%
CVE-2022-22897 CRITICAL POC THREAT Act Now

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ap Pagebuilder
NVD
CVSS 3.1
9.8
EPSS
10.8%
CVE-2022-25921 CRITICAL POC Act Now

All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Morgan Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25644 CRITICAL POC Act Now

All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Get Process By Name
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-21165 CRITICAL POC Act Now

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Font Converter
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-36572 CRITICAL POC THREAT Act Now

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Enterprise Website System
NVD GitHub
CVSS 3.1
9.8
EPSS
21.1%
CVE-2022-36690 HIGH POC This Week

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ingredient Stock Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36689 HIGH POC This Week

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ingredient Stock Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36688 HIGH POC This Week

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ingredient Stock Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36686 HIGH POC This Week

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ingredient Stock Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3019 HIGH POC PATCH This Week

The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Tooljet
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-36036 HIGH POC PATCH This Week

mdx-mermaid provides plug and play access to Mermaid in MDX. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Code Injection Mdx Mermaid
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-0367 HIGH POC PATCH This Week

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libmodbus Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38511 HIGH POC This Week

TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A810R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-38510 HIGH POC This Week

Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tx9 Pro Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36616 HIGH POC This Week

TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A810R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36615 HIGH POC This Week

TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3000Ru Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36614 HIGH POC This Week

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A860R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36613 HIGH POC This Week

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass N600r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36612 HIGH POC This Week

TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A950rg Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36611 HIGH POC This Week

TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A800R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36610 HIGH POC This Week

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37177 HIGH POC This Week

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hiring Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-36200 HIGH POC This Week

In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hg150 Ub Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-2559 HIGH POC This Week

The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Fluent Support
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-2261 HIGH POC This Week

The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Wpide
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-1123 HIGH POC This Week

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress SQLi Leaflet Maps Marker
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-0850 HIGH POC PATCH This Week

A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-0497 HIGH POC PATCH This Week

A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Openscad
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-0284 HIGH POC PATCH This Week

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-2638 MEDIUM POC This Month

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Export All Urls
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-1663 MEDIUM POC This Month

The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Stop Spam Comments
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-36687 MEDIUM POC This Month

Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Ingredient Stock Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-21385 MEDIUM POC This Month

A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Denial Of Service Linux
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2022-2599 MEDIUM POC This Month

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Anti Malware Security And Brute Force Firewall
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-2538 MEDIUM POC This Month

The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Hide Security Enhancer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2537 MEDIUM POC This Month

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocommerce Pdf Invoices Packing Slips
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36033 MEDIUM POC PATCH This Month

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla XSS Java Jsoup Management Services For Element Software +2
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-36573 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pagekit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36560 CRITICAL Act Now

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skybridge Mb A200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36559 CRITICAL Act Now

Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Skybridge Mb A200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-36558 CRITICAL Act Now

Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skybridge Mb A100 Firmware Skybridge Mb A110 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36557 CRITICAL Act Now

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Skybridge Mb A100 Firmware Skybridge Mb A110 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-36556 CRITICAL Act Now

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Skybridge Mb A100 Firmware Skybridge Mb A110 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-36555 CRITICAL Act Now

Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hwl 2511 Ss Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-36554 CRITICAL Act Now

A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Hwl 2511 Ss Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-34668 CRITICAL POC PATCH Act Now

NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Denial Of Service Nvflare
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
8.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy