Skip to main content
CVE-2022-41415 CRITICAL POC Act Now

Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Altos W2000H W570H F4 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-43019 CRITICAL POC Act Now

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Opencats
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-3608 HIGH POC PATCH This Week

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
8.4
EPSS
0.9%
CVE-2022-41709 HIGH POC This Week

Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Markdownify
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-43042 HIGH POC This Week

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-43040 HIGH POC This Week

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-42227 HIGH POC This Week

jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jsonlint C
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-40798 HIGH POC This Week

OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ocomon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-35860 MEDIUM POC This Month

Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Code Injection K63 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-43023 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opencats
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43022 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opencats
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43021 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opencats
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43020 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opencats
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-41707 MEDIUM POC This Month

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Messenger
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43038 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43037 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43035 MEDIUM POC This Month

An issue was discovered in Bento4 v1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43034 MEDIUM POC This Month

An issue was discovered in Bento4 v1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43033 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43032 MEDIUM POC This Month

An issue was discovered in Bento4 v1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43018 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-43017 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-43016 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-43015 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-43014 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-3607 MEDIUM POC PATCH This Month

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Code Injection Octoprint
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2022-43406 CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin 583.vf3b_454e43966 and earlier allows attackers with permission to define untrusted Pipeline libraries and to. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Groovy Libraries
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2022-43405 CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier allows attackers with permission to define untrusted Pipeline libraries and to define and. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Groovy Libraries
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2022-43404 CRITICAL PATCH Act Now

A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Script Security
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2022-43403 CRITICAL PATCH Act Now

A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Script Security
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2022-43402 CRITICAL PATCH Act Now

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Pipeline
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2022-43401 CRITICAL PATCH Act Now

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Script Security
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2022-43029 CRITICAL Act Now

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Tx3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43028 CRITICAL Act Now

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Tx3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43027 CRITICAL Act Now

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Tx3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43026 CRITICAL Act Now

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Tx3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43025 CRITICAL Act Now

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Tx3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43024 CRITICAL Act Now

Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow Tx3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43184 CRITICAL Act Now

D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 878 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25748 CRITICAL Act Now

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +271
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-25720 CRITICAL PATCH Act Now

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +182
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-25718 CRITICAL Act Now

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8016 Firmware +139
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-25687 CRITICAL Act Now

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +178
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-38901 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-43045 MEDIUM POC This Month

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43044 MEDIUM POC This Month

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43043 MEDIUM POC This Month

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43039 MEDIUM POC This Month

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43185 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-39301 MEDIUM POC This Month

sra-admin is a background rights management system that separates the front and back end. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sra Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy