Skip to main content
CVE-2022-35271 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35270 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35269 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35268 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35267 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35266 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35265 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-35264 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35263 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35262 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-35261 HIGH POC This Week

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow R1510 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32760 HIGH POC This Week

A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Iota All In One Security Kit Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-3394 HIGH POC This Week

The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Code Injection Wp All Export
NVD WPScan VulDB
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-3335 HIGH POC This Week

The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Kadence Woocommerce Email Designer
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-3302 HIGH POC This Week

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Spam Protection Antispam Firewall
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-3300 HIGH POC This Week

The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Form Maker
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-34850 HIGH POC This Week

An OS command injection vulnerability exists in the web_server /action/import_authorized_keys/ functionality of Robustel R1510 3.1.16 and 3.3.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2022-3247 MEDIUM POC This Month

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Blog2Social
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3097 MEDIUM POC This Month

The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Lbstopattack
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-32574 MEDIUM POC This Month

A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-2762 MEDIUM POC This Month

The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Adminpad
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-39321 CRITICAL PATCH Act Now

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Runner
NVD GitHub
CVSS 3.1
9.9
EPSS
1.5%
CVE-2022-36452 CRITICAL Act Now

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Micollab
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39342 CRITICAL PATCH Act Now

OpenFGA is an authorization/permission engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openfga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39341 CRITICAL PATCH Act Now

OpenFGA is an authorization/permission engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openfga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-29851 CRITICAL Act Now

documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ox App Suite
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-27805 CRITICAL Act Now

An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-3644 MEDIUM POC PATCH This Month

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pulp Ansible Ansible Automation Platform Satellite Update Infrastructure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-39837 MEDIUM POC This Month

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Diagnostic Log And Trace
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-39836 MEDIUM POC This Month

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Diagnostic Log And Trace
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35739 MEDIUM POC This Month

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Prtg Network Monitor
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-27623 CRITICAL Act Now

Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synology Diskstation Manager
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-33183 HIGH This Week

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-33179 HIGH This Week

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-28169 HIGH This Week

Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low privilege webtools, user, to gain elevated admin rights, or privileges,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-36453 HIGH This Week

A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Micollab
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36451 HIGH This Week

A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Micollab
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3392 MEDIUM POC This Month

The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Humans Txt
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3391 MEDIUM POC This Month

The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Retain Live Chat
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3350 MEDIUM POC This Month

The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Bank
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-39326 HIGH PATCH This Week

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Hashicorp Code Injection Github Workflows
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-38196 HIGH This Week

Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Arcgis Server
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-33185 HIGH This Week

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33184 HIGH This Week

A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33182 HIGH This Week

A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-38436 HIGH This Week

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38435 HIGH This Week

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-39354 HIGH PATCH This Week

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Evm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-42890 HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-41704 HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy