Skip to main content
CVE-2022-27664 HIGH PATCH This Week

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Fedora
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2022-27491 HIGH This Week

A improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-40112 HIGH This Week

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow A3002r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40110 HIGH This Week

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow A3002r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-37841 HIGH This Week

In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A860R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2438 HIGH PATCH This Week

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Broken Link Checker
NVD VulDB
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-2717 HIGH PATCH This Week

The JoomSport - for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Joomsport
NVD VulDB
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-2718 HIGH PATCH This Week

The JoomSport - for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Joomsport
NVD VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-23683 HIGH This Week

Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Aos Cx
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-26859 HIGH This Week

Dell BIOS contains a race condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Dell Alienware M15 R6 Firmware Chengming 3980 Firmware Chengming 3988 Firmware +396
NVD
CVSS 3.1
7.0
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy