Skip to main content
CVE-2022-43003 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43002 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43001 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43000 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42998 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-3671 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elearning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37202 HIGH POC This Week

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinal Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-3670 HIGH POC This Week

A vulnerability was found in Axiomatic Bento4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-3666 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Bento4
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-3665 HIGH POC This Week

A vulnerability classified as critical was found in Axiomatic Bento4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-3664 HIGH POC This Week

A vulnerability classified as critical has been found in Axiomatic Bento4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-3662 HIGH POC This Week

A vulnerability was found in Axiomatic Bento4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Bento4
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-42999 HIGH POC This Week

D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 816 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-3667 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Axiomatic Bento4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Bento4
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-43776 MEDIUM POC This Month

The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Metabase
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-25849 MEDIUM POC This Month

The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hyperdown
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3363 CRITICAL PATCH Act Now

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39355 CRITICAL PATCH Act Now

Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Patreon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43775 CRITICAL Act Now

The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
20.6%
CVE-2022-43774 CRITICAL Act Now

The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3674 CRITICAL Act Now

A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanitization Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-42468 CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java Flume
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-39357 CRITICAL PATCH Act Now

Winter is a free, open-source content management system based on the Laravel PHP framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure PHP Prototype Pollution Winter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2422 CRITICAL PATCH Act Now

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Feathers Sequelize
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2421 CRITICAL PATCH Act Now

Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Socket Io Parser
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29823 CRITICAL PATCH Act Now

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Prototype Pollution Feathers Sequelize
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-29822 CRITICAL PATCH Act Now

Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Feathers Sequelize
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-43747 CRITICAL Act Now

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Management Suite
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-3669 MEDIUM POC This Month

A vulnerability was found in Axiomatic Bento4 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-3668 MEDIUM POC This Month

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-3663 MEDIUM POC This Month

A vulnerability was found in Axiomatic Bento4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-3704 MEDIUM POC PATCH This Month

A vulnerability classified as problematic has been found in Ruby on Rails. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rails
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-39348 MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Twisted Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-39286 HIGH PATCH This Week

Jupyter Core is a package for the core common functionality of Jupyter projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Privilege Escalation Jupyter Core Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-39362 HIGH PATCH This Week

Metabase is data visualization software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Metabase
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-39361 HIGH This Week

Metabase is data visualization software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Metabase
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-40238 HIGH This Week

A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Vince
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-39944 HIGH PATCH This Week

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization RCE Linkis
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-43749 HIGH This Week

Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Privilege Escalation Presto File Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-20933 HIGH This Week

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meraki Mx64 Firmware Meraki Mx64W Firmware Meraki Mx65 Firmware +20
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-20822 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Identity Services Engine
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-31256 HIGH This Week

A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Factory
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3705 HIGH PATCH This Week

A vulnerability was found in vim and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Vim Fedora Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-43766 HIGH PATCH This Week

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Java Iotdb
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-43748 HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Synology Presto File Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-20811 HIGH This Week

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Path Traversal Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-20955 HIGH This Week

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Path Traversal Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-20954 HIGH This Week

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Path Traversal Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2022-20776 MEDIUM This Month

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Path Traversal Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2022-43750 MEDIUM PATCH This Month

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy