Skip to main content
CVE-2022-43003 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43002 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43001 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43000 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42998 CRITICAL POC Act Now

D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 816 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-3671 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Elearning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-3363 CRITICAL PATCH Act Now

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39355 CRITICAL PATCH Act Now

Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Patreon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43775 CRITICAL Act Now

The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
20.6%
CVE-2022-43774 CRITICAL Act Now

The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Diaenergie
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-3674 CRITICAL Act Now

A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sanitization Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-42468 CRITICAL PATCH Act Now

Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Java Flume
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-39357 CRITICAL PATCH Act Now

Winter is a free, open-source content management system based on the Laravel PHP framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure PHP Prototype Pollution Winter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2422 CRITICAL PATCH Act Now

Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Feathers Sequelize
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-2421 CRITICAL PATCH Act Now

Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Socket Io Parser
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-29823 CRITICAL PATCH Act Now

Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Prototype Pollution Feathers Sequelize
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-29822 CRITICAL PATCH Act Now

Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Feathers Sequelize
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-43747 CRITICAL Act Now

baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Management Suite
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy