Skip to main content
CVE-2022-40494 CRITICAL POC Act Now

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nps
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-41525 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nr1800x Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-41522 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41518 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nr1800x Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-3273 CRITICAL POC PATCH Act Now

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-39274 CRITICAL POC PATCH Act Now

LoRaMac-node is a reference implementation and documentation of a LoRa network node. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Loramac Node
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-40895 CRITICAL POC Act Now

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nedi
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2022-41853 CRITICAL PATCH Act Now

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Hypersql Database Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-3398 CRITICAL Act Now

OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3397 CRITICAL Act Now

OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-3396 CRITICAL Act Now

OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-39244 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-39237 CRITICAL PATCH Act Now

syslabs/sif is the Singularity Image Format (SIF) reference implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Singularity Image Format
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-37888 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba RCE Buffer Overflow Arubaos Instant +1
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-39269 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pjsip
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy