Skip to main content
CVE-2022-33106 CRITICAL POC Act Now

WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure U250 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37601 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Loader Utils Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-41403 CRITICAL POC Act Now

OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Newsletter Subscribe Popup Regular Module
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40871 CRITICAL POC THREAT Act Now

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
9.8
EPSS
33.4%
CVE-2022-37614 CRITICAL POC Act Now

Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Mockery
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-3465 CRITICAL POC Act Now

A vulnerability classified as critical was found in Mediabridge Medialink. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mlwr Ac1200R Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40469 HIGH POC This Week

iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ikuaios
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-28866 HIGH POC This Week

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Nokia Airframe Bmc Web Gui R18 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-42081 HIGH POC This Week

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42080 HIGH POC This Week

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42079 HIGH POC This Week

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac1206 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-41532 HIGH POC This Week

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-41530 HIGH POC This Week

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Open Source Sacco Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-41407 HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Pet Shop We App
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-41406 HIGH POC This Week

An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Church Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-40921 HIGH POC This Week

DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-42087 MEDIUM POC This Month

Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ax1803 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42086 MEDIUM POC This Month

Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ax1803 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42078 MEDIUM POC This Month

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac1206 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42077 MEDIUM POC This Month

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac1206 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-40440 MEDIUM POC This Month

mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mxgraph
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-42715 MEDIUM POC This Month

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Redcap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-39298 CRITICAL PATCH Act Now

MelisFront is the engine that displays website hosted on Melis Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Meliscms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39297 CRITICAL PATCH Act Now

MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Meliscms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-31228 CRITICAL PATCH Act Now

Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dell Xtremio Management Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3467 CRITICAL Act Now

A vulnerability classified as critical was found in Jiusi OA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Jiusi Oa
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-40664 CRITICAL PATCH Act Now

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Shiro
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-3458 CRITICAL Act Now

A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Human Resource Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-37611 CRITICAL PATCH Act Now

Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Gh Pages
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-41408 CRITICAL Act Now

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Pet Shop We App
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-42711 CRITICAL Act Now

In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Whatsup Gold
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2022-39299 HIGH PATCH This Week

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Node.js Passport Saml
NVD GitHub
CVSS 3.1
8.1
EPSS
3.0%
CVE-2022-0030 HIGH This Week

An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-34391 HIGH This Week

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Buffer Overflow Alienware Area 51 R5 Firmware Alienware Area 51 R4 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34390 HIGH This Week

Dell BIOS contains a use of uninitialized variable vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware Area 51 R5 Firmware Alienware Area 51 R4 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-33922 HIGH This Week

Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Privilege Escalation Geodrive
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-33921 HIGH This Week

Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Geodrive
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-33920 HIGH This Week

Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Geodrive
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-33919 HIGH This Week

Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Geodrive
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32493 HIGH This Week

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Stack Overflow Buffer Overflow Alienware Area 51M R1 Firmware +289
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32491 HIGH This Week

Dell Client BIOS contains a Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Buffer Overflow Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +287
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32489 HIGH This Week

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +287
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32488 HIGH This Week

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +287
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32487 HIGH This Week

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +287
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-32485 HIGH This Week

Dell BIOS contains an improper input validation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +287
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3171 HIGH PATCH This Week

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Google Protobuf Protobuf Java Protobuf Javalite +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39283 HIGH This Week

FreeRDP is a free remote desktop protocol library and clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39282 HIGH This Week

FreeRDP is a free remote desktop protocol library and clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-28887 HIGH This Week

Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Detection And Response Elements Endpoint Protection Atlant Internet Gatekeeper +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-33937 HIGH This Week

Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Path Traversal Geodrive
NVD
CVSS 3.1
7.1
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy