Skip to main content
CVE-2022-43340 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dzzoffice
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-0074 HIGH POC This Week

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openlitespeed
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-0073 HIGH POC This Week

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Openlitespeed
NVD GitHub
CVSS 3.1
8.8
EPSS
8.7%
CVE-2022-43366 HIGH POC This Week

IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ew9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43365 HIGH POC This Week

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ew9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43364 HIGH POC This Week

An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ew9 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40875 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ax1803 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-40874 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Denial Of Service Buffer Overflow Ax1803 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-3725 HIGH POC This Week

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Wireshark Fedora
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-25918 HIGH POC PATCH This Week

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Shescape
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-39978 HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Pet Shop We App
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-39977 HIGH POC This Week

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Pet Shop We App
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-41773 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
7.9%
CVE-2022-41133 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in GetDIAE_line_message_settingsListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
26.6%
CVE-2022-40967 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckIoTHubNameExisted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
7.7%
CVE-2022-41996 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada premium theme versions <= 7.8.1 on WordPress leading to arbitrary plugin installation/activation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Avada
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3379 HIGH This Week

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3378 HIGH This Week

Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41627 HIGH This Week

The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kardiamobile Firmware Kardiamobile 6L Firmware Kardiamobile Card Firmware
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2022-38744 HIGH This Week

An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass Factorytalk Alarms And Events
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-3409 HIGH This Week

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Openbmc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2809 HIGH This Week

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow Openbmc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy