Skip to main content
CVE-2022-36085 CRITICAL POC PATCH Act Now

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Open Policy Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27593 CRITICAL POC KEV THREAT Act Now

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnap Photo Station
NVD
CVSS 3.1
9.1
EPSS
87.9%
CVE-2022-36098 CRITICAL POC PATCH THREAT Act Now

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
71.0%
CVE-2022-36094 CRITICAL POC PATCH THREAT Act Now

XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
64.1%
CVE-2022-37164 CRITICAL Act Now

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ontrack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-37163 CRITICAL Act Now

Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ihatetobudget
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-20923 CRITICAL Act Now

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Rv110W Firmware Rv130 Firmware Rv130W Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38394 CRITICAL Act Now

Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Centrecom Ar260S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-33941 CRITICAL PATCH Act Now

PowerCMS XMLRPC API provided by Alfasado Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Powercms
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25914 CRITICAL PATCH Act Now

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google RCE Jib
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-36588 CRITICAL PATCH Act Now

In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow vulnerability caused by strncpy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

D-Link Buffer Overflow Dap 1650 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-36586 CRITICAL PATCH Act Now

In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by strcpy in function 0x869f4 in the httpd binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Tenda Buffer Overflow G3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36096 CRITICAL PATCH Act Now

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.0
EPSS
59.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy