Skip to main content
CVE-2022-30079 HIGH POC THREAT Act Now

Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 24.4%.

Command Injection Netgear R6200
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
24.4%
Threat
4.0
CVE-2022-36085 CRITICAL POC PATCH Act Now

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Open Policy Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27593 CRITICAL POC KEV THREAT Act Now

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnap Photo Station
NVD
CVSS 3.1
9.1
EPSS
87.9%
CVE-2022-36098 CRITICAL POC PATCH THREAT Act Now

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
71.0%
CVE-2022-36094 CRITICAL POC PATCH THREAT Act Now

XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
64.1%
CVE-2022-36100 HIGH POC PATCH THREAT This Week

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
73.6%
CVE-2022-36099 HIGH POC PATCH THREAT This Week

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
75.9%
CVE-2022-3167 HIGH POC PATCH This Week

Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rdiffweb
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38531 HIGH POC This Week

FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection G 97Rg6M Firmware G 97Rg3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-38258 HIGH POC This Week

A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Denial Of Service Dir 819 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-36090 HIGH POC PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-38269 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38268 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38267 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38265 HIGH POC This Week

Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitor Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38260 HIGH POC This Week

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Interview Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38255 HIGH POC This Week

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Interview Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-37779 HIGH POC This Week

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fir151B Firmware Fir302E Firmware Fir300B Firmware Fir303B Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-37778 HIGH POC This Week

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fir151B Firmware Fir302E Firmware Fir300B Firmware Fir303B Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-37777 HIGH POC This Week

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fir151B Firmware Fir302E Firmware Fir300B Firmware Fir303B Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-36097 MEDIUM POC PATCH THREAT This Month

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
57.4%
CVE-2022-3148 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3138 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38400 MEDIUM POC PATCH This Month

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Mailform Pro Cgi
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2022-37164 CRITICAL Act Now

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ontrack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-37163 CRITICAL Act Now

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ihatetobudget
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20923 CRITICAL Act Now

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Rv110W Firmware Rv130 Firmware Rv130W Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38394 CRITICAL Act Now

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Centrecom Ar260S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-33941 CRITICAL PATCH Act Now

PowerCMS XMLRPC API provided by Alfasado Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Powercms
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25914 CRITICAL PATCH Act Now

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google RCE Jib
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-36588 CRITICAL PATCH Act Now

In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

D-Link Buffer Overflow Dap 1650 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-36586 CRITICAL PATCH Act Now

In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by strcpy in function 0x869f4 in the httpd binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Tenda Buffer Overflow G3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-3153 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-27969 MEDIUM POC This Month

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cynet 360
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-27968 MEDIUM POC This Month

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cynet 360
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-27967 MEDIUM POC This Month

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cynet 360
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-36096 CRITICAL PATCH Act Now

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
59.5%
CVE-2022-37144 HIGH This Week

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Plextrac
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36084 HIGH PATCH This Week

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Cruddl
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-20696 HIGH This Week

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38094 HIGH This Week

OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Centrecom Ar260S Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-35273 HIGH This Week

OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Centrecom Ar260S Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-34869 HIGH This Week

Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Centrecom Ar260S Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-36403 HIGH This Week

Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Device Software Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37145 HIGH This Week

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plextrac
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40281 HIGH This Week

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Tizenrt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-40280 HIGH This Week

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Tizenrt
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36092 HIGH PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37857 HIGH This Week

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure PHP Hauk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-36091 HIGH PATCH This Week

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy