Skip to main content
CVE-2022-30078 HIGH POC This Week

NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection R6200 Firmware R6300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2022-3152 HIGH POC PATCH This Week

Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpfusion
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-37730 HIGH POC This Week

In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which causes the attacker to forge a link to trick him to click on a malicious link or visit a page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ftcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-31166 HIGH POC PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-36271 HIGH POC This Week

Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pc Repair
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-36539 HIGH POC This Week

WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eigen Wijzer Ouderapp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-35513 HIGH POC PATCH This Week

The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Blink1Control2
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
4.4%
CVE-2022-40023 HIGH POC PATCH This Week

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Mako Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-36069 HIGH POC PATCH This Week

Poetry is a dependency manager for Python. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection Code Injection Poetry
NVD GitHub
CVSS 3.1
7.3
EPSS
1.4%
CVE-2022-37780 HIGH POC This Week

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fir151B Firmware Fir302E Firmware Fir300B Firmware Fir303B Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-37108 HIGH POC This Week

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Snypr
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-36073 HIGH PATCH This Week

RubyGems.org is the Ruby community gem host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Rubygems
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36081 HIGH PATCH This Week

Wikmd is a file based wiki that uses markdown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Information Disclosure Path Traversal Wikmd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-36079 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Node.js Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36049 HIGH PATCH This Week

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Helm Flux2 Helm Controller
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31414 HIGH This Week

D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a buffer overflow via srtcat in prog.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Denial Of Service Buffer Overflow Dir 1960 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-37189 HIGH PATCH This Week

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Denial Of Service Mei2Volpiano
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-36070 HIGH PATCH This Week

Poetry is a dependency manager for Python. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Python RCE Poetry
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-1807 HIGH This Week

Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Privilege Escalation Firewall
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy