Skip to main content
CVE-2022-38580 CRITICAL POC PATCH THREAT Act Now

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

SSRF Skipper
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
11.0%
CVE-2022-33195 CRITICAL POC Act Now

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
10.0
EPSS
3.2%
CVE-2022-33194 CRITICAL POC Act Now

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
10.0
EPSS
3.1%
CVE-2022-33193 CRITICAL POC Act Now

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
10.0
EPSS
3.1%
CVE-2022-33192 CRITICAL POC Act Now

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
10.0
EPSS
3.2%
CVE-2022-33207 CRITICAL POC Act Now

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.9
EPSS
4.2%
CVE-2022-33206 CRITICAL POC Act Now

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.9
EPSS
4.2%
CVE-2022-33205 CRITICAL POC Act Now

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.9
EPSS
4.2%
CVE-2022-33204 CRITICAL POC Act Now

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.9
EPSS
4.2%
CVE-2022-41711 CRITICAL POC PATCH Act Now

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Badaso
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-3393 CRITICAL POC Act Now

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Post To Csv
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-39327 CRITICAL POC PATCH Act Now

Azure CLI is the command-line interface for Microsoft Azure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Code Injection Azure Command Line Interface
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-39322 CRITICAL POC PATCH Act Now

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Keystone
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-39312 CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-35877 CRITICAL POC Act Now

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35876 CRITICAL POC Act Now

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35875 CRITICAL POC Act Now

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35874 CRITICAL POC Act Now

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35244 CRITICAL POC Act Now

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-33938 CRITICAL POC Act Now

A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-33189 CRITICAL POC Act Now

An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-33150 CRITICAL POC Act Now

An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-32773 CRITICAL POC Act Now

An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-32765 CRITICAL POC Act Now

An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-32454 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-30541 CRITICAL POC Act Now

An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-29889 CRITICAL POC Act Now

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29520 CRITICAL POC Act Now

An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-29477 CRITICAL POC Act Now

An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-29472 CRITICAL POC Act Now

An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2022-27804 CRITICAL POC Act Now

An os command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-33897 CRITICAL POC Act Now

A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal R1510 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-38181 HIGH POC KEV THREAT This Week

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Bifrost Gpu Kernel Driver Midgard Gpu Kernel Driver +1
NVD GitHub
CVSS 3.1
8.8
EPSS
12.6%
CVE-2022-3395 HIGH POC This Week

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users which has been given permission to run exports to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp All Export
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-3246 HIGH POC This Week

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Blog2Social
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-35887 HIGH POC This Week

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-35886 HIGH POC This Week

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-35885 HIGH POC This Week

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-35884 HIGH POC This Week

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-35881 HIGH POC This Week

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-35880 HIGH POC This Week

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-35879 HIGH POC This Week

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-35878 HIGH POC This Week

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-35132 HIGH POC This Week

Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Usermin
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-32775 HIGH POC This Week

An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-32586 HIGH POC This Week

An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2022-30603 HIGH POC This Week

An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2022-29475 HIGH POC This Week

An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Iota All In One Security Kit Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-39345 HIGH POC PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-38870 HIGH POC This Week

Free5gc v3.2.1 is vulnerable to Information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy