Skip to main content
CVE-2022-36086 CRITICAL POC PATCH Act Now

linked_list_allocator is an allocator usable for no_std systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Linked List Allocator
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-3130 CRITICAL POC Act Now

A vulnerability classified as critical has been found in codeprojects Online Driving School. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Driving School Project
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-3129 CRITICAL POC Act Now

A vulnerability was found in codeprojects Online Driving School. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Driving School Project
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-38314 CRITICAL POC Act Now

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38313 CRITICAL POC Act Now

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38312 CRITICAL POC Act Now

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38311 CRITICAL POC Act Now

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38310 CRITICAL POC Act Now

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38309 CRITICAL POC Act Now

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36660 CRITICAL POC Act Now

xhyve commit dfbe09b was discovered to contain a stack buffer overflow via the component pci_vtrnd_notify(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Xhyve
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-31149 CRITICAL POC Act Now

ActivityWatch open-source automated time tracker. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Activitywatch
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2022-30078 HIGH POC This Week

NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection R6200 Firmware R6300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-31247 CRITICAL POC PATCH Act Now

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rancher
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-3152 HIGH POC PATCH This Week

Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpfusion
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37730 HIGH POC This Week

In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ftcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-31166 HIGH POC PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-36271 HIGH POC This Week

Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pc Repair
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-36539 HIGH POC This Week

WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eigen Wijzer Ouderapp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-35513 HIGH POC PATCH This Week

The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Blink1Control2
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
4.4%
CVE-2022-40023 HIGH POC PATCH This Week

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Mako Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-36069 HIGH POC PATCH This Week

Poetry is a dependency manager for Python. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection Code Injection Poetry
NVD GitHub
CVSS 3.1
7.3
EPSS
1.4%
CVE-2022-37780 HIGH POC This Week

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fir151B Firmware Fir302E Firmware Fir300B Firmware Fir303B Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-37108 HIGH POC This Week

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Snypr
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-36661 MEDIUM POC This Month

xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xhyve
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36659 MEDIUM POC This Month

xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_write(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xhyve
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31167 MEDIUM POC PATCH This Month

XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31251 MEDIUM POC This Month

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Privilege Escalation Factory
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-37731 MEDIUM POC This Month

ftcms 2.1 poster.PHP has a XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ftcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36585 CRITICAL PATCH Act Now

In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Tenda Buffer Overflow G3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36089 CRITICAL PATCH Act Now

KubeVela is an application delivery platform Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Kubevela
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-38250 CRITICAL Act Now

Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-36587 CRITICAL PATCH Act Now

In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by sprintf in function in the httpd binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Tenda Buffer Overflow G3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36083 MEDIUM POC PATCH This Month

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Node.js Jose
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-36073 HIGH PATCH This Week

RubyGems.org is the Ruby community gem host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Rubygems
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36081 HIGH PATCH This Week

Wikmd is a file based wiki that uses markdown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Information Disclosure Path Traversal Wikmd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36079 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Node.js Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36049 HIGH PATCH This Week

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Helm Flux2 Helm Controller
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31414 HIGH This Week

D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a buffer overflow via srtcat in prog.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Denial Of Service Buffer Overflow Dir 1960 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-37189 HIGH PATCH This Week

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Denial Of Service Mei2Volpiano
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-36070 HIGH PATCH This Week

Poetry is a dependency manager for Python. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Python RCE Poetry
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-1807 HIGH This Week

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Privilege Escalation Firewall
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-30312 MEDIUM This Month

The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Trend Iq412 Firmware Trend Iq411 Firmware Trend Iq422 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-38254 MEDIUM This Month

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-38249 MEDIUM This Month

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-38248 MEDIUM This Month

Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-36080 MEDIUM PATCH This Month

Wikmd is a file based wiki that uses markdown. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wikmd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-36088 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Gocd
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36082 MEDIUM PATCH This Month

mangadex-downloader is a command-line tool to download manga from MangaDex. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mangadex Downloader
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-21950 MEDIUM This Month

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Canna
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-38251 MEDIUM This Month

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
4.8
EPSS
1.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy