Skip to main content
CVE-2022-44194 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-36179 CRITICAL POC Act Now

Fusiondirectory 1.3 suffers from Improper Session Handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fusiondirectory
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-36180 CRITICAL POC Act Now

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection],. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Fusiondirectory
NVD VulDB
CVSS 3.1
9.6
EPSS
1.0%
CVE-2022-44808 CRITICAL POC Act Now

A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2022-44807 CRITICAL POC Act Now

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44806 CRITICAL POC Act Now

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44804 CRITICAL POC Act Now

D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 882 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44801 CRITICAL POC Act Now

D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 878 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44202 CRITICAL POC Act Now

D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption D-Link Buffer Overflow Dir 878 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44201 CRITICAL POC Act Now

D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44184 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44200 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44199 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44198 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-44197 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44196 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44193 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44191 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44190 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44188 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44187 CRITICAL POC Act Now

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-44186 CRITICAL POC Act Now

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-40842 CRITICAL POC Act Now

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-42989 CRITICAL POC Act Now

ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sankhya Om
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-4116 CRITICAL PATCH Act Now

A vulnerability was found in quarkus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Build Of Quarkus Quarkus
NVD
CVSS 3.1
9.8
EPSS
32.5%
CVE-2022-43212 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System Project
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39070 CRITICAL Act Now

There is an access control vulnerability in some ZTE PON OLT products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxa10 C350M Firmware Zxa10 C300M Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40189 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Apache Pig
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-38649 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Apache Pinot
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-40602 CRITICAL PATCH Act Now

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Zyxel Authentication Bypass Lte3301 M209 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-36227 CRITICAL PATCH Act Now

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference RCE Denial Of Service Libarchive Debian Linux +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-43215 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43214 CRITICAL Act Now

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41326 CRITICAL Act Now

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Micollab
NVD
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy