Skip to main content
CVE-2022-38326 CRITICAL POC Act Now

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38325 CRITICAL POC Act Now

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-37861 CRITICAL POC Act Now

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tws 100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-38352 CRITICAL POC THREAT Act Now

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
20.2%
CVE-2022-37201 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-37207 HIGH POC This Week

JFinal CMS 5.1.0 is affected by: SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-3221 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rdiffweb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-38862 HIGH POC This Week

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-39213 HIGH POC PATCH This Week

go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Go Cvss
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-38535 HIGH POC This Week

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-38534 HIGH POC This Week

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-38595 HIGH POC This Week

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Church Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-38594 HIGH POC This Week

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Church Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-38323 HIGH POC This Week

Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Event Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-1798 MEDIUM POC This Month

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kubevirt
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-40738 MEDIUM POC This Month

An issue was discovered in Bento4 through 1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40737 MEDIUM POC This Month

An issue was discovered in Bento4 through 1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40736 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3224 MEDIUM POC PATCH This Month

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Parse Url
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-37257 CRITICAL Act Now

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Prototype Pollution Steal
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40306 MEDIUM POC This Month

The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) performs expensive RSA key-generation operations, which allows attackers to cause a denial of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Printanista Managed Print Service
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-39215 MEDIUM POC PATCH This Month

Tauri is a framework for building binaries for all major desktop platforms. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Tauri
NVD GitHub
CVSS 3.1
5.8
EPSS
0.8%
CVE-2022-37264 CRITICAL Act Now

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2471 CRITICAL Act Now

Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Cs C6N A0 1C2Wfr Firmware Cs Db1C A0 1E2W2Fr Firmware Cs C6N B0 1G2Wf Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-37266 CRITICAL Act Now

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-38334 MEDIUM POC This Month

XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-38890 MEDIUM POC This Month

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Buffer Overflow Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38851 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38850 MEDIUM POC This Month

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mencoder Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38600 MEDIUM POC This Month

Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mplayer
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-38865 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38864 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38863 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38861 MEDIUM POC This Month

The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38860 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38858 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38856 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38855 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38853 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3222 MEDIUM POC PATCH This Month

Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-38814 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS An5506 02 B Firmware
NVD
CVSS 3.1
5.4
EPSS
2.5%
CVE-2022-3211 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38789 CRITICAL Act Now

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Air 4920 Firmware Air 4921 Firmware Air 4971 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-38788 MEDIUM POC This Month

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nokia Fastmile 5G Receiver Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-29240 HIGH PATCH This Week

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Apache Information Disclosure Scylla
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-40663 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Nis Elements Viewer
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-40662 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Nis Elements Viewer
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-40661 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow Nis Elements Viewer
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-40660 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow Nis Elements Viewer
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-40659 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Nis Elements Viewer
NVD
CVSS 3.1
7.8
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy