Skip to main content
CVE-2022-1043 HIGH POC PATCH Act Now

A flaw was found in the Linux kernel’s io_uring implementation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2022-36690 HIGH POC This Week

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ingredient Stock Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36689 HIGH POC This Week

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ingredient Stock Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36688 HIGH POC This Week

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ingredient Stock Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36686 HIGH POC This Week

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ingredient Stock Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3019 HIGH POC PATCH This Week

The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Tooljet
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-36036 HIGH POC PATCH This Week

mdx-mermaid provides plug and play access to Mermaid in MDX. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Code Injection Mdx Mermaid
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-0367 HIGH POC PATCH This Week

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libmodbus Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-38511 HIGH POC This Week

TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A810R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-38510 HIGH POC This Week

Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tx9 Pro Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36616 HIGH POC This Week

TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A810R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36615 HIGH POC This Week

TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3000Ru Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36614 HIGH POC This Week

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A860R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36613 HIGH POC This Week

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass N600r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36612 HIGH POC This Week

TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A950rg Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36611 HIGH POC This Week

TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A800R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36610 HIGH POC This Week

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37177 HIGH POC This Week

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hiring Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-36200 HIGH POC This Week

In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hg150 Ub Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-2559 HIGH POC This Week

The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Fluent Support
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-2261 HIGH POC This Week

The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Wpide
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-1123 HIGH POC This Week

The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress SQLi Leaflet Maps Marker
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-0850 HIGH POC PATCH This Week

A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-0497 HIGH POC PATCH This Week

A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Openscad
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-0284 HIGH POC PATCH This Week

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2022-38625 HIGH This Week

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Nbm D88N Firmware Nhl 3Fb1 Firmware Nhl 3Fv1N Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-38772 HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Netflow Analyzer Manageengine Network Configuration Manager Manageengine Opmanager +3
NVD
CVSS 3.1
8.8
EPSS
77.6%
CVE-2022-0336 HIGH PATCH This Week

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Samba Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-1117 HIGH PATCH This Week

A vulnerability was found in fapolicyd. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Path Traversal Fapolicyd
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2022-0358 HIGH PATCH This Week

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Qemu Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37681 HIGH This Week

Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Hc Ip9100Hd Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-37680 HIGH This Week

An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hc Ip9100Hd Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36034 HIGH PATCH This Week

nitrado.js is a type safe wrapper for the Nitrado API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nitrado Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-27558 HIGH This Week

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Domino Hcl Inotes
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-1199 HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-0934 HIGH PATCH This Week

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Dnsmasq Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-0400 HIGH This Week

An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Buffer Overflow Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-27547 HIGH This Week

HCL iNotes is susceptible to a link to non-existent domain vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Hcl Inotes Domino
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-2961 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +6
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy