Skip to main content
CVE-2022-38308 CRITICAL POC THREAT Act Now

TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
20.3%
CVE-2022-37661 CRITICAL POC THREAT Act Now

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Sr510N Firmware Sr506N Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
36.2%
CVE-2022-37138 CRITICAL POC Act Now

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Loan Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36669 CRITICAL POC Act Now

Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Hospital Information System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-36436 CRITICAL POC PATCH Act Now

OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Twisted Vnc Authentication Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-2900 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Parse Url
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-38301 HIGH POC PATCH This Week

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Onedev
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3216 HIGH POC This Week

A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Game Boy Color Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-36667 HIGH POC THREAT This Week

Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Garage Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
24.4%
CVE-2022-37140 HIGH POC This Week

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Paymoney
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2022-40673 HIGH POC PATCH This Week

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Kdiskmark Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3212 HIGH POC PATCH This Week

<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Axum Core
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40734 MEDIUM POC PATCH This Month

UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Laravel Filemanager
NVD GitHub
CVSS 3.1
6.5
EPSS
4.1%
CVE-2022-40439 MEDIUM POC This Month

An memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40438 MEDIUM POC This Month

Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40365 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Gocron
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37724 MEDIUM POC PATCH This Month

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Webobjects
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38796 MEDIUM POC This Month

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Feehi Cms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-35947 CRITICAL PATCH Act Now

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34831 CRITICAL Act Now

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ejbca
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-36056 MEDIUM POC PATCH This Month

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Cosign
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-37139 MEDIUM POC This Month

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Loan Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37137 MEDIUM POC This Month

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Paymoney
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36668 MEDIUM POC This Month

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Garage Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36113 HIGH PATCH This Week

Cargo is a package manager for the rust programming language. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Cargo
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-40674 HIGH PATCH This Week

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Libexpat Debian Linux +1
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-2977 HIGH PATCH This Week

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Privilege Escalation Use After Free Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20364 HIGH This Week

In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-2277 HIGH This Week

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-29922 HIGH This Week

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-29492 HIGH This Week

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-3202 HIGH PATCH This Week

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service Linux Kernel H410c Firmware +4
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-20231 MEDIUM This Month

In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-36114 MEDIUM PATCH This Month

Cargo is a package manager for the rust programming language. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

RCE Denial Of Service Cargo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35946 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35945 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-40626 MEDIUM PATCH This Month

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Zabbix XSS Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-36112 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glpi
NVD GitHub
CVSS 3.1
5.8
EPSS
0.5%
CVE-2022-40476 MEDIUM PATCH This Month

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0029 MEDIUM This Month

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Paloalto Cortex Xdr Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31187 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-31143 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-22520 MEDIUM This Month

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mbconnect24 Mymbconnect24 Myrex24 Myrex24 Virtual
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-1778 MEDIUM This Month

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microscada X Sys600
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy