Skip to main content
CVE-2022-36067 CRITICAL POC PATCH THREAT Act Now

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Vm2
NVD GitHub
CVSS 3.1
10.0
EPSS
47.9%
CVE-2022-36061 CRITICAL POC PATCH Act Now

Elrond go is the go implementation for the Elrond Network protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Elrond Go
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-31860 CRITICAL POC Act Now

An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Openremote
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-37344 CRITICAL Act Now

Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Privilege Escalation Accommodation System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36427 CRITICAL Act Now

Missing Access Control vulnerability in About Rentals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation About Rentals
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36387 CRITICAL Act Now

Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation About Me
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-1368 CRITICAL Act Now

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3D A1000 Dimensioning System Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36663 CRITICAL PATCH Act Now

Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Oxauth
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-31789 CRITICAL Act Now

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Watchguard Buffer Overflow RCE Fireware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-36425 CRITICAL Act Now

Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Beaver Builder
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-26447 CRITICAL Act Now

In BT firmware, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Android Yocto
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-40111 CRITICAL Act Now

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A3002r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40109 CRITICAL Act Now

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation A3002r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37843 CRITICAL Act Now

In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection A860R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-37842 CRITICAL Act Now

In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow A860R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37840 CRITICAL Act Now

In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow A860R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37839 CRITICAL Act Now

TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow A860R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36584 CRITICAL PATCH Act Now

In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Tenda Buffer Overflow G3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2714 CRITICAL PATCH Act Now

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rosariosis
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34747 CRITICAL PATCH Act Now

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Zyxel Nas326 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-1525 CRITICAL Act Now

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3D A1000 Dimensioning System Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy