Skip to main content
CVE-2022-41622 HIGH POC THREAT Act Now

In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Access Policy Manager +8
NVD
CVSS 3.1
8.8
EPSS
88.0%
CVE-2022-41800 HIGH POC THREAT Act Now

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
8.7
EPSS
62.4%
CVE-2022-44373 HIGH POC This Week

A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Tew 820Ap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-44849 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Metinfo
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-45915 HIGH POC This Week

ILIAS before 7.16 allows OS Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ilias
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2022-44942 HIGH POC PATCH This Week

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Casdoor
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-46770 HIGH POC THREAT This Week

qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mirage Firewall
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
21.5%
CVE-2022-44393 HIGH POC This Week

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Sanitization Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-4322 HIGH POC PATCH This Week

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Information Disclosure Maku Boot
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-45009 HIGH POC This Week

Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Leave Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-43581 HIGH PATCH This Week

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

IBM Buffer Overflow Content Navigator
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-40966 HIGH PATCH This Week

Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass HP Wcr 300 Firmware Whr Hp G300N Firmware Whr Hp Gn Firmware +72
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-44620 HIGH This Week

Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Udr Ja1604 Firmware Udr Ja1608 Firmware Udr Ja1616 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-44606 HIGH This Week

OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Udr Ja1604 Firmware Udr Ja1608 Firmware Udr Ja1616 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-43464 HIGH This Week

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Udr Ja1604 Firmware Udr Ja1608 Firmware Udr Ja1616 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-2952 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2948 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2002 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-43667 HIGH This Week

Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-43509 HIGH This Week

Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure RCE Buffer Overflow Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-43508 HIGH This Week

Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Use After Free Memory Corruption Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23491 HIGH PATCH This Week

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Certifi E Series Performance Analyzer +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-23487 HIGH PATCH This Week

js-libp2p is the official javascript Implementation of libp2p networking stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libp2P
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-23486 HIGH PATCH This Week

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libp2P
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41720 HIGH PATCH This Week

On Windows, restricted files can be accessed via os.DirFS and http.Dir. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Go
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-44608 HIGH This Week

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cybozu Remote Service
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-43468 HIGH This Week

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wordpress Popular Posts
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-43660 HIGH This Week

Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection Movable Type
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy