Skip to main content
CVE-2022-40494 CRITICAL POC Act Now

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nps
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-41525 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nr1800x Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-41522 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41518 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nr1800x Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-3273 CRITICAL POC PATCH Act Now

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-39274 CRITICAL POC PATCH Act Now

LoRaMac-node is a reference implementation and documentation of a LoRa network node. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Loramac Node
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-40895 CRITICAL POC Act Now

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nedi
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2022-41528 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41527 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41526 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41524 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41523 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41521 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41520 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41517 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41556 HIGH POC PATCH This Week

A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lighttpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-3389 HIGH POC PATCH This Week

Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Rdiffweb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-41355 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-42457 HIGH POC This Week

Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cs141 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2022-42250 HIGH POC This Week

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Cold Storage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-42249 HIGH POC This Week

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Cold Storage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-42243 HIGH POC This Week

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Cold Storage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-42242 HIGH POC This Week

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Cold Storage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-42241 HIGH POC This Week

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Cold Storage Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-39265 HIGH POC PATCH This Week

MyBB is a free and open source forum software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Mybb
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2022-39222 MEDIUM POC PATCH This Month

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dex
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-41853 CRITICAL PATCH Act Now

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Hypersql Database Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-3398 CRITICAL Act Now

OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3397 CRITICAL Act Now

OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3396 CRITICAL Act Now

OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-39244 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-39237 CRITICAL PATCH Act Now

syslabs/sif is the Singularity Image Format (SIF) reference implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Singularity Image Format
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-37888 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-3002 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39988 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-3376 MEDIUM POC PATCH This Month

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Rdiffweb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-39269 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pjsip
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2022-2986 HIGH PATCH This Week

Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-2637 HIGH This Week

Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.8.0 before 04.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

VMware Privilege Escalation Storage Plug In
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-39284 MEDIUM POC PATCH This Month

CodeIgniter is a PHP full-stack web framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-26235 HIGH This Week

A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Remisol Advance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-27810 HIGH This Week

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hermes
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39280 HIGH PATCH This Week

dparse is a parser for Python dependency files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Dependency Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39273 HIGH PATCH This Week

FlyteAdmin is the control plane for the data processing platform Flyte. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Flyteadmin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2975 MEDIUM This Month

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Aura Application Enablement Services
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-41294 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-40160 MEDIUM This Month

** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Stack Overflow Buffer Overflow Commons Jxpath
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-40159 MEDIUM This Month

** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Stack Overflow Buffer Overflow Commons Jxpath
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-26240 MEDIUM This Month

The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Remisol Advance
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-38709 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy