Skip to main content
CVE-2022-0847 HIGH POC KEV PATCH THREAT Act Now

Linux kernel contains a flaw known as 'Dirty Pipe' where improper pipe buffer flag initialization allows unprivileged local users to overwrite read-only files, enabling trivial privilege escalation to root on Linux 5.8+.

Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
82.7%
Threat
9.0
CVE-2022-25090 HIGH POC THREAT Act Now

Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 11.0%.

Privilege Escalation Race Condition Printix
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.1
EPSS
11.0%
CVE-2022-26143 CRITICAL POC KEV THREAT Act Now

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Micollab Mivoice Business Express
NVD
CVSS 3.1
9.8
EPSS
87.6%
CVE-2022-24995 CRITICAL POC THREAT Act Now

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.6%
CVE-2022-24652 CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sentcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-24651 CRITICAL POC Act Now

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Sentcms
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-24609 CRITICAL POC Act Now

Luocms v2.0 is affected by an incorrect access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-24607 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24606 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24605 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24604 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24603 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24602 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24600 CRITICAL POC Act Now

Luocms v2.0 is affected by SQL Injection through /admin/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-24193 CRITICAL POC PATCH Act Now

CasaOS before v0.2.7 was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Casaos
NVD GitHub
CVSS 3.1
9.8
EPSS
6.0%
CVE-2022-0895 CRITICAL POC PATCH Act Now

Static Code Injection in GitHub repository microweber/microweber prior to 1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Microweber
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-24644 HIGH POC This Week

ZZ Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Keymouse Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-0204 HIGH POC PATCH This Week

A heap overflow vulnerability was found in bluez in versions prior to 5.63. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Bluez Fedora Debian Linux
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-23940 HIGH POC THREAT This Week

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
53.2%
CVE-2022-22834 HIGH POC This Week

An issue was discovered in OverIT Geocall before 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Geocall
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2022-25219 HIGH POC This Week

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure K2 Firmware K3 Firmware +3
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2022-25218 HIGH POC This Week

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure K2 Firmware K3 Firmware +3
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-25217 HIGH POC This Week

Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft K2 Firmware K3C Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-24396 HIGH POC This Week

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Simple Diagnostics Agent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-25566 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25561 HIGH POC This Week

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25560 HIGH POC This Week

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25558 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25557 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25556 HIGH POC This Week

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25555 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25554 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25553 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25552 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25551 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25550 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25549 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25548 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25547 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
8.8%
CVE-2022-25546 HIGH POC THREAT This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
12.3%
CVE-2022-24601 HIGH POC This Week

Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-22547 HIGH POC This Week

Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simple Diagnostics Agent
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-25214 HIGH POC This Week

Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure K2 Firmware K3 Firmware K3C Firmware K2G Firmware +1
NVD
CVSS 3.1
7.4
EPSS
1.5%
CVE-2022-26521 HIGH POC This Week

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Abantecart
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
9.6%
CVE-2022-25225 HIGH POC This Week

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi PostgreSQL Network Olympus
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2022-0891 HIGH POC PATCH This Week

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Information Disclosure Libtiff Debian Linux +2
NVD
CVSS 3.1
7.1
EPSS
1.5%
CVE-2022-0905 HIGH POC PATCH This Week

Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Gitea
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-25213 MEDIUM POC This Month

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass K2 Firmware K3 Firmware K3C Firmware K2G Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-26661 MEDIUM POC PATCH This Month

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Proteus Trytond Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-22835 MEDIUM POC THREAT This Month

An issue was discovered in OverIT Geocall before version 8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Geocall
NVD
CVSS 3.1
6.5
EPSS
14.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy