Skip to main content
CVE-2022-30079 HIGH POC THREAT Act Now

Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 24.4%.

Command Injection Netgear R6200
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
24.4%
Threat
4.0
CVE-2022-36100 HIGH POC PATCH THREAT This Week

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
73.6%
CVE-2022-36099 HIGH POC PATCH THREAT This Week

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
75.9%
CVE-2022-3167 HIGH POC PATCH This Week

Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rdiffweb
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-38531 HIGH POC This Week

FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection G 97Rg6M Firmware G 97Rg3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-38258 HIGH POC This Week

A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Denial Of Service Dir 819 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-36090 HIGH POC PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-38269 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/modstudent/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38268 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/autonumber/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38267 HIGH POC This Week

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the component /modules/user/index.php?view=edit&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38265 HIGH POC This Week

Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at /avms/edit-apartment.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Apartment Visitor Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-38260 HIGH POC This Week

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Interview Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-38255 HIGH POC This Week

Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Interview Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-37779 HIGH POC This Week

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fir151B Firmware Fir302E Firmware Fir300B Firmware Fir303B Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-37778 HIGH POC This Week

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fir151B Firmware Fir302E Firmware Fir300B Firmware Fir303B Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-37777 HIGH POC This Week

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fir151B Firmware Fir302E Firmware Fir300B Firmware Fir303B Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-37144 HIGH This Week

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Plextrac
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-36084 HIGH PATCH This Week

cruddl is software for creating a GraphQL API for a database, using the GraphQL SDL to model a schema. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Cruddl
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-20696 HIGH This Week

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38094 HIGH This Week

OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Centrecom Ar260S Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-35273 HIGH This Week

OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Centrecom Ar260S Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-34869 HIGH This Week

Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Centrecom Ar260S Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-36403 HIGH This Week

Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Device Software Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-37145 HIGH This Week

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plextrac
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40281 HIGH This Week

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Tizenrt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-40280 HIGH This Week

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Tizenrt
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36092 HIGH PATCH This Week

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37857 HIGH This Week

bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure PHP Hauk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-36091 HIGH PATCH This Week

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-28220 HIGH PATCH This Week

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Apache Command Injection James
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25897 HIGH PATCH This Week

The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Milo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36093 HIGH PATCH This Week

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy