Skip to main content
CVE-2022-37129 HIGH POC This Week

D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.3%
CVE-2022-37123 HIGH POC This Week

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-36569 HIGH POC This Week

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-36568 HIGH POC This Week

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-37184 HIGH POC This Week

The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2132 HIGH POC This Week

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Data Plane Development Kit Fedora Debian Linux Enterprise Linux Fast Datapath +4
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2022-36619 HIGH POC This Week

In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36620 HIGH POC THREAT This Week

D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
23.2%
CVE-2022-36581 HIGH POC This Week

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Ordering System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-38152 HIGH POC This Week

An issue was discovered in wolfSSL before 5.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-37122 HIGH POC THREAT This Week

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pcoweb Card Firmware Applica Pcoweb Hvac Bacnet Gateway
NVD
CVSS 3.1
7.5
EPSS
19.7%
CVE-2022-36582 HIGH POC This Week

An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-36580 HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Ordering System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-36571 HIGH POC This Week

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-36570 HIGH POC This Week

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-1247 HIGH POC This Week

An issue found in linux-kernel that leads to a race condition in rose_connect(). Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-36051 HIGH PATCH This Week

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-1552 HIGH PATCH This Week

A flaw was found in PostgreSQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PostgreSQL Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
12.4%
CVE-2022-1271 HIGH PATCH This Week

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gzip Jboss Data Grid Debian Linux Xz
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2022-37022 HIGH PATCH This Week

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Java Geode
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-39047 HIGH PATCH This Week

Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Freeciv
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2759 HIGH PATCH This Week

Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Delta Robot Automation Studio
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-34383 HIGH PATCH This Week

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

RCE Dell Command Injection Edge Gateway 5200 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2022-2044 HIGH This Week

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Nport 5110 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-31233 HIGH PATCH This Week

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Privilege Escalation Evasa Provider Virtual Appliance Solutions Enabler Solutions Enabler Virtual Appliance Unisphere 360 +4
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2022-2897 HIGH This Week

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Scadapro Client Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2896 HIGH This Week

Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2895 HIGH This Week

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2894 HIGH This Week

Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2892 HIGH PATCH This Week

Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Scadapro Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34373 HIGH PATCH This Week

Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Dell Path Traversal Command Integration Suite For System Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2866 HIGH This Week

FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Fvdesigner
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2006 HIGH PATCH This Week

AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure C More Ea9 T6Cl Firmware C More Ea9 T6Cl R Firmware C More Ea9 T7Cl Firmware C More Ea9 T7Cl R Firmware +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1976 HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of IO-URING. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Privilege Escalation Memory Corruption Buffer Overflow Linux Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-1888 HIGH This Week

Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Alpha7 Pc Loader Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-1405 HIGH PATCH This Week

CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Cncsoft
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-36035 HIGH PATCH This Week

Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Path Traversal Flux2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2485 HIGH PATCH This Week

Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sio Mb04Rtds Firmware Sio Mb04Ads Firmware Sio Mb04Thms Firmware Sio Mb08Ads 1 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-2043 HIGH This Week

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Nport 5110 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2005 HIGH PATCH This Week

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure C More Ea9 T6Cl Firmware C More Ea9 T6Cl R Firmware C More Ea9 T7Cl Firmware C More Ea9 T7Cl R Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-2004 HIGH PATCH This Week

AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service D0 06Dd1 Firmware D0 06Dd2 Firmware D0 06Dr Firmware D0 06Da Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-26330 HIGH This Week

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Arcsight Logger
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-1319 HIGH PATCH This Week

A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openshift Application Runtimes Single Sign On Undertow Active Iq Unified Manager +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-1259 HIGH This Week

A flaw was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Build Of Quarkus Integration Camel K Jboss Enterprise Application Platform Openshift Application Runtimes +6
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1404 HIGH PATCH This Week

Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Cncsoft
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-3028 HIGH PATCH This Week

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. Rated high severity (CVSS 7.0).

Linux Buffer Overflow Linux Kernel Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-2590 HIGH This Week

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. Rated high severity (CVSS 7.0). No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy