Skip to main content
CVE-2022-44194 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-36179 CRITICAL POC Act Now

Fusiondirectory 1.3 suffers from Improper Session Handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fusiondirectory
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-36180 CRITICAL POC Act Now

{Injection],. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Fusiondirectory
NVD VulDB
CVSS 3.1
9.6
EPSS
1.0%
CVE-2022-44808 CRITICAL POC Act Now

A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-44807 CRITICAL POC Act Now

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44806 CRITICAL POC Act Now

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44804 CRITICAL POC Act Now

D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44801 CRITICAL POC Act Now

D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 878 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44202 CRITICAL POC Act Now

D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 878 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44201 CRITICAL POC Act Now

D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44184 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44200 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44199 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44198 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44197 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44196 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44193 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44191 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44190 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44188 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44187 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44186 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40842 CRITICAL POC Act Now

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-42989 CRITICAL POC Act Now

ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sankhya Om
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-33012 HIGH POC This Week

Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Microweber
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-42098 HIGH POC This Week

KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Klik Socialmediawebsite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-41950 HIGH POC This Week

super-xray is the GUI alternative for vulnerability scanning tool xray. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Super Xray
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-45331 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45330 HIGH POC This Week

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-30529 HIGH POC This Week

File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Isic Lk
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-4111 MEDIUM POC PATCH This Month

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tooljet
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-41940 MEDIUM POC PATCH This Month

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js Information Disclosure Engine Io
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-4116 CRITICAL PATCH Act Now

A vulnerability was found in quarkus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Build Of Quarkus Quarkus
NVD
CVSS 3.1
9.8
EPSS
32.5%
CVE-2022-43212 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System Project
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39070 CRITICAL Act Now

There is an access control vulnerability in some ZTE PON OLT products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxa10 C350M Firmware Zxa10 C300M Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40189 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Apache Pig
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-38649 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Apache Pinot
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-40602 CRITICAL PATCH Act Now

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Zyxel Authentication Bypass Lte3301 M209 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36227 CRITICAL PATCH Act Now

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference RCE Denial Of Service Libarchive Debian Linux +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-43215 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43214 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41326 CRITICAL Act Now

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Micollab
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-45536 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-45535 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-45529 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-41919 HIGH PATCH This Week

Fastify is a web framework with minimal overhead and plugin architecture. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Fastify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-39066 HIGH This Week

There is a SQL injection vulnerability in ZTE MF286R. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zte Mf286R Firmware
NVD
CVSS 3.1
8.8
EPSS
26.5%
CVE-2022-41445 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teacher Record Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-42097 MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-42094 MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop
NVD GitHub
CVSS 3.1
4.8
EPSS
2.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy