Skip to main content
CVE-2022-42719 HIGH POC PATCH This Week

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-35135 HIGH POC This Week

Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iot Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-42161 HIGH POC This Week

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Covr 1203 Firmware Covr 1202 Firmware Covr 1200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-42160 HIGH POC This Week

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Covr 1203 Firmware Covr 1202 Firmware Covr 1200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-42156 HIGH POC This Week

D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Covr 1203 Firmware Covr 1202 Firmware Covr 1200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-41475 HIGH POC This Week

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rpcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-37208 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-34020 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or other unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Iot Platform And Lorawan Network Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-41489 HIGH POC This Week

WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lq 09 Firmware Lq 08 Firmware Lq 07 Firmware Lq 06 Firmware +2
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-40187 HIGH POC This Week

Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gc3 Launch Monitor Firmware Launch Pro Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-42906 HIGH POC PATCH This Week

powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Powerline Gitstatus Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-34022 HIGH POC This Week

SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Iot Platform And Lorawan Network Server
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-41534 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41533 HIGH POC This Week

Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-3492 HIGH This Week

A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Human Resource Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-42902 HIGH PATCH This Week

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Lava Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-39300 HIGH PATCH This Week

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Node Saml
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-31123 HIGH PATCH This Week

Grafana is an open source observability and data visualization platform. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Grafana Jwt Attack E Series Performance Analyzer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-42901 HIGH This Week

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Microstation View
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42900 HIGH This Week

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Microstation View
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42899 HIGH This Week

Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Microstation View
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-39278 HIGH This Week

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Istio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-39201 HIGH PATCH This Week

Grafana is an open source observability and data visualization platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Grafana
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31130 HIGH PATCH This Week

Grafana is an open source observability and data visualization platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Grafana
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-41485 HIGH This Week

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47ce00 function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Denial Of Service Buffer Overflow Ac6 Firmware Ac6V2 0 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-41484 HIGH This Week

Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Denial Of Service Buffer Overflow Ap500V1 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41483 HIGH This Week

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x4a12cc function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Denial Of Service Buffer Overflow Ac6V2 0 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-41482 HIGH This Week

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47c5dc function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Denial Of Service Buffer Overflow Ac6V2 0 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41481 HIGH This Week

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x47de1c function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Denial Of Service Buffer Overflow Ac6V2 0 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-41480 HIGH This Week

Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x475dc function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Denial Of Service Buffer Overflow Ac6V2 0 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-35944 HIGH PATCH This Week

October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection October
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy