Skip to main content
CVE-2022-38580 CRITICAL POC PATCH THREAT Act Now

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

SSRF Skipper
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
11.0%
CVE-2022-33195 CRITICAL POC Act Now

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
10.0
EPSS
3.2%
CVE-2022-33194 CRITICAL POC Act Now

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
10.0
EPSS
3.1%
CVE-2022-33193 CRITICAL POC Act Now

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
10.0
EPSS
3.1%
CVE-2022-33192 CRITICAL POC Act Now

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
10.0
EPSS
3.2%
CVE-2022-33207 CRITICAL POC Act Now

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.9
EPSS
4.2%
CVE-2022-33206 CRITICAL POC Act Now

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.9
EPSS
4.2%
CVE-2022-33205 CRITICAL POC Act Now

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.9
EPSS
4.2%
CVE-2022-33204 CRITICAL POC Act Now

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.9
EPSS
4.2%
CVE-2022-41711 CRITICAL POC PATCH Act Now

Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Badaso
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-3393 CRITICAL POC Act Now

The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Code Injection Post To Csv
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-39327 CRITICAL POC PATCH Act Now

Azure CLI is the command-line interface for Microsoft Azure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Code Injection Azure Command Line Interface
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-39322 CRITICAL POC PATCH Act Now

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Keystone
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-39312 CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Java Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-35877 CRITICAL POC Act Now

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35876 CRITICAL POC Act Now

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35875 CRITICAL POC Act Now

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35874 CRITICAL POC Act Now

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35244 CRITICAL POC Act Now

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-33938 CRITICAL POC Act Now

A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-33189 CRITICAL POC Act Now

An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-33150 CRITICAL POC Act Now

An OS command injection vulnerability exists in the js_package install functionality of Robustel R1510 3.1.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2022-32773 CRITICAL POC Act Now

An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-32765 CRITICAL POC Act Now

An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection R1510 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-32454 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the XCMD setIPCam functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-30541 CRITICAL POC Act Now

An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-29889 CRITICAL POC Act Now

A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29520 CRITICAL POC Act Now

An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-29477 CRITICAL POC Act Now

An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-29472 CRITICAL POC Act Now

An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2022-27804 CRITICAL POC Act Now

An os command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-33897 CRITICAL POC Act Now

A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal R1510 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-39321 CRITICAL PATCH Act Now

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Runner
NVD GitHub
CVSS 3.1
9.9
EPSS
1.5%
CVE-2022-36452 CRITICAL Act Now

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Micollab
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39342 CRITICAL PATCH Act Now

OpenFGA is an authorization/permission engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openfga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39341 CRITICAL PATCH Act Now

OpenFGA is an authorization/permission engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openfga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-29851 CRITICAL Act Now

documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ox App Suite
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-27805 CRITICAL Act Now

An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iota All In One Security Kit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27623 CRITICAL Act Now

Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synology Diskstation Manager
NVD
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy