Skip to main content
CVE-2022-37130 CRITICAL POC THREAT Act Now

In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
26.3%
CVE-2022-37125 CRITICAL POC Act Now

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-36201 CRITICAL POC Act Now

Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctor S Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-37128 CRITICAL POC THREAT Act Now

In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
21.2%
CVE-2022-36566 CRITICAL POC Act Now

Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rengine
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-2466 CRITICAL POC PATCH Act Now

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Quarkus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-37129 HIGH POC This Week

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.3%
CVE-2022-37123 HIGH POC This Week

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-36569 HIGH POC This Week

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36568 HIGH POC This Week

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-37184 HIGH POC This Week

The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2132 HIGH POC This Week

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Data Plane Development Kit Fedora Debian Linux Enterprise Linux Fast Datapath +4
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2022-36619 HIGH POC This Week

In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36620 HIGH POC THREAT This Week

D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
23.2%
CVE-2022-36581 HIGH POC This Week

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-38152 HIGH POC This Week

An issue was discovered in wolfSSL before 5.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-37122 HIGH POC THREAT This Week

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pcoweb Card Firmware Applica Pcoweb Hvac Bacnet Gateway
NVD
CVSS 3.1
7.5
EPSS
19.7%
CVE-2022-36582 HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-36580 HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-36571 HIGH POC This Week

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-36570 HIGH POC This Week

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-1247 HIGH POC This Week

An issue found in linux-kernel that leads to a race condition in rose_connect(). Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-38812 MEDIUM POC This Month

AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Aerocms
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-2521 MEDIUM POC This Month

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-2520 MEDIUM POC This Month

A flaw was found in libtiff 4.4.0rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-2519 MEDIUM POC This Month

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libtiff Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-36203 MEDIUM POC This Month

Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Doctor S Appointment System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-37183 MEDIUM POC This Month

Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1355 MEDIUM POC PATCH This Month

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Stack Overflow Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36202 CRITICAL Act Now

Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Doctor S Appointment System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38153 MEDIUM POC This Month

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2022-30318 CRITICAL Act Now

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Honeywell Denial Of Service Controledge Plc Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-21941 CRITICAL Act Now

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Istar Ultra Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-36045 CRITICAL PATCH Act Now

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PostgreSQL Redis Information Disclosure Node.js Nodebb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37021 CRITICAL PATCH Act Now

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Java Geode
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-2153 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1354 MEDIUM POC PATCH This Month

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-1325 MEDIUM POC PATCH This Month

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cimg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1263 MEDIUM POC PATCH This Month

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-39046 MEDIUM POC This Month

An issue was discovered in the GNU C Library (glibc) 2.36. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glibc H300s Firmware H500s Firmware H700s Firmware +3
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2022-30317 CRITICAL Act Now

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Honeywell Denial Of Service Experion Lx Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-2003 CRITICAL PATCH Act Now

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass D0 06Dd1 Firmware D0 06Dd2 Firmware D0 06Dr Firmware D0 06Da Firmware +5
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-36051 HIGH PATCH This Week

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1552 HIGH PATCH This Week

A flaw was found in PostgreSQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PostgreSQL Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
12.4%
CVE-2022-1271 HIGH PATCH This Week

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gzip Jboss Data Grid Debian Linux Xz
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2022-37022 HIGH PATCH This Week

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Java Geode
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-39047 HIGH PATCH This Week

Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Freeciv
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-1205 MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. Rated medium severity (CVSS 4.7). Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-2759 HIGH PATCH This Week

Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Delta Robot Automation Studio
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-34383 HIGH PATCH This Week

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

RCE Dell Command Injection Edge Gateway 5200 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy