Skip to main content
CVE-2022-37130 CRITICAL POC THREAT Act Now

In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
26.3%
CVE-2022-37125 CRITICAL POC Act Now

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-36201 CRITICAL POC Act Now

Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctor S Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-37128 CRITICAL POC THREAT Act Now

In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
21.2%
CVE-2022-36566 CRITICAL POC Act Now

Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rengine
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-2466 CRITICAL POC PATCH Act Now

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Quarkus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-36202 CRITICAL Act Now

Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Doctor S Appointment System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30318 CRITICAL Act Now

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Honeywell Denial Of Service Controledge Plc Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-21941 CRITICAL Act Now

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Istar Ultra Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-36045 CRITICAL PATCH Act Now

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PostgreSQL Redis Information Disclosure Node.js Nodebb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37021 CRITICAL PATCH Act Now

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Java Geode
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-30317 CRITICAL Act Now

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Honeywell Denial Of Service Experion Lx Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-2003 CRITICAL PATCH Act Now

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass D0 06Dd1 Firmware D0 06Dd2 Firmware D0 06Dr Firmware D0 06Da Firmware +5
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy