Skip to main content
CVE-2022-46642 CRITICAL POC Act Now

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
3.1%
CVE-2022-46641 CRITICAL POC Act Now

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
3.1%
CVE-2022-47945 CRITICAL POC PATCH THREAT Act Now

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal PHP Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
15.5%
CVE-2022-45711 CRITICAL POC THREAT Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
20.2%
CVE-2022-4686 CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-4689 HIGH POC PATCH This Week

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4688 HIGH POC PATCH This Week

Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4684 HIGH POC PATCH This Week

Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4665 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Ampache
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-4687 HIGH POC PATCH This Week

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2022-46171 HIGH POC PATCH This Week

Tauri is a framework for building binaries for all major desktop platforms. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Tauri
NVD GitHub
CVSS 3.1
7.7
EPSS
1.0%
CVE-2022-23854 HIGH POC THREAT This Week

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Intouch Access Anywhere
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
46.0%
CVE-2022-43551 HIGH POC THREAT This Week

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Curl Fedora Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
7.5
EPSS
16.5%
CVE-2022-40899 HIGH POC PATCH This Week

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Python Future
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-40898 HIGH POC PATCH This Week

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Wheel
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-4683 MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-46492 MEDIUM POC This Month

nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nbnbk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-40011 MEDIUM POC This Month

Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Typora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-40897 MEDIUM POC PATCH This Month

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Denial Of Service Setuptools
NVD GitHub
CVSS 3.1
5.9
EPSS
2.6%
CVE-2022-45721 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45720 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45719 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45718 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formIPMacBindAdd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45717 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-45716 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45715 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRange and pWanPortRange parameters in the formSetPortMapping function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45714 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formQOSRuleDel function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45712 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsForward function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45710 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45709 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-45708 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex parameter in the formDelPortMapping function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45707 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsHijack function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45706 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the hostname parameter in the formSetNetCheckTools function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-47939 CRITICAL PATCH Act Now

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Linux Use After Free Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
9.8
EPSS
46.4%
CVE-2022-44567 CRITICAL Act Now

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection XSS Rocket Chat
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-23547 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Pjsip
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-47946 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Use After Free Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-4692 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4690 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-23513 MEDIUM POC THREAT This Month

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Adminlte
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
40.2%
CVE-2022-28228 CRITICAL Act Now

Out-of-bounds read was discovered in YDB server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ydb
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-47931 CRITICAL PATCH Act Now

IO FinNet tss-lib before 2.0.0 allows a collision of hash values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tss Lib
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-47942 HIGH PATCH This Week

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2022-41290 HIGH PATCH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

IBM Privilege Escalation Vios Aix
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2022-47633 HIGH PATCH This Week

An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Kubernetes Kyverno
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-47943 HIGH PATCH This Week

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.1
8.1
EPSS
3.5%
CVE-2022-47940 HIGH PATCH This Week

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2022-23539 HIGH PATCH This Week

Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Jsonwebtoken
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2022-28229 HIGH This Week

The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Userver
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-47941 HIGH PATCH This Week

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
4.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy