Skip to main content
CVE-2022-40876 CRITICAL POC Act Now

In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda RCE Buffer Overflow Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-39976 CRITICAL POC Act Now

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43367 CRITICAL POC Act Now

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ew9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2022-43340 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dzzoffice
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-0074 HIGH POC This Week

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openlitespeed
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-0073 HIGH POC This Week

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Openlitespeed
NVD GitHub
CVSS 3.1
8.8
EPSS
8.7%
CVE-2022-43366 HIGH POC This Week

IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ew9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43365 HIGH POC This Week

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ew9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43364 HIGH POC This Week

An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ew9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40875 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ax1803 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40874 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow Ax1803 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3725 HIGH POC This Week

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Wireshark Fedora
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-25918 HIGH POC PATCH This Week

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Shescape
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-39978 HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Pet Shop We App
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-39977 HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Pet Shop We App
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-31898 MEDIUM POC THREAT This Month

gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gl Mt300N V2 Firmware Gl Ax1800 Firmware
NVD
CVSS 3.1
6.8
EPSS
15.9%
CVE-2022-42055 MEDIUM POC This Month

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goodcloud
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-39364 MEDIUM POC PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Nextcloud Information Disclosure Nextcloud Enterprise Server Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-32407 MEDIUM POC This Month

Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Softr
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3386 CRITICAL Act Now

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow R Seenet
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-3385 CRITICAL Act Now

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow R Seenet
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-0072 MEDIUM POC This Month

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Openlitespeed
NVD GitHub
CVSS 3.1
5.8
EPSS
1.0%
CVE-2022-3095 CRITICAL Act Now

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dart Software Development Kit Flutter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39365 CRITICAL PATCH Act Now

Pimcore is an open source data and experience management platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Pimcore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-3714 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Medicine Ordering System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-42993 MEDIUM POC This Month

Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Password Storage Application
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-42991 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Online Public Access Catalog
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-42992 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Train Scheduler App
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-42054 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Goodcloud
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2782 CRITICAL Act Now

In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-41773 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
7.9%
CVE-2022-41133 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
26.6%
CVE-2022-40967 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
7.7%
CVE-2022-41996 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Avada
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3379 HIGH This Week

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3378 HIGH This Week

Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41627 HIGH This Week

The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kardiamobile Firmware Kardiamobile 6L Firmware Kardiamobile Card Firmware
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2022-38744 HIGH This Week

An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass Factorytalk Alarms And Events
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-3409 HIGH This Week

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Openbmc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2809 HIGH This Week

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow Openbmc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-24670 MEDIUM This Month

An attacker can use the unrestricted LDAP queries to determine configuration entries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Access Management
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-24669 MEDIUM This Month

It may be possible to gain some details of the deployment through a well-crafted attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Management
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-36182 MEDIUM This Month

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp XSS Boundary
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41702 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41701 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41651 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41555 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-40965 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-3716 MEDIUM This Month

A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Online Medicine Ordering System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-45475 MEDIUM This Month

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD
CVSS 3.1
5.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy