Skip to main content
CVE-2022-35120 HIGH POC This Week

IXPdata EasyInstall 6.6.14725 contains an access control issue. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easyinstall
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-45045 HIGH POC This Week

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mbd6304T Nbd6808T Pl Nbd7004T P Nbd7008T P +140
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-40489 HIGH POC PATCH This Week

ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Thinkcmf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-28607 HIGH POC This Week

An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Isic Lk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45640 HIGH POC This Week

Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Tenda Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-3713 HIGH This Week

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Sophos RCE Code Injection Xg Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3709 HIGH This Week

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Privilege Escalation XSS Xg Firewall Firmware
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2022-42718 HIGH PATCH This Week

Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Labview Command Line Interface
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-29837 HIGH This Week

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal RCE My Cloud Home Firmware My Cloud Home Duo Firmware Sandisk Ibi Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2969 HIGH This Week

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Dialink
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-37017 HIGH This Week

Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Symantec Endpoint Protection
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-4246 HIGH This Week

A vulnerability classified as problematic has been found in Kakao PotPlayer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Potplayer
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-44211 HIGH This Week

In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Goodcloud
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2022-3696 HIGH This Week

A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos RCE Code Injection Xg Firewall Firmware
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-3226 HIGH This Week

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Xg Firewall Firmware
NVD
CVSS 3.1
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy