Skip to main content
CVE-2022-0847 HIGH POC KEV PATCH THREAT Act Now

Linux kernel contains a flaw known as 'Dirty Pipe' where improper pipe buffer flag initialization allows unprivileged local users to overwrite read-only files, enabling trivial privilege escalation to root on Linux 5.8+.

Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
82.7%
Threat
9.0
CVE-2022-25090 HIGH POC THREAT Act Now

Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 11.0%.

Privilege Escalation Race Condition Printix
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.1
EPSS
11.0%
CVE-2022-24644 HIGH POC This Week

ZZ Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Keymouse Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-0204 HIGH POC PATCH This Week

A heap overflow vulnerability was found in bluez in versions prior to 5.63. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Bluez Fedora Debian Linux
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-23940 HIGH POC THREAT This Week

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
53.2%
CVE-2022-22834 HIGH POC This Week

An issue was discovered in OverIT Geocall before 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Geocall
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2022-25219 HIGH POC This Week

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure K2 Firmware K3 Firmware +3
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2022-25218 HIGH POC This Week

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft OpenSSL Information Disclosure K2 Firmware K3 Firmware +3
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-25217 HIGH POC This Week

Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft K2 Firmware K3C Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-24396 HIGH POC This Week

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Simple Diagnostics Agent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-25566 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25561 HIGH POC This Week

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25560 HIGH POC This Week

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25558 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25557 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25556 HIGH POC This Week

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25555 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25554 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25553 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25552 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25551 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25550 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25549 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25548 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25547 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
8.8%
CVE-2022-25546 HIGH POC THREAT This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Denial Of Service Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
12.3%
CVE-2022-24601 HIGH POC This Week

Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Luocms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-22547 HIGH POC This Week

Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simple Diagnostics Agent
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-25214 HIGH POC This Week

Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure K2 Firmware K3 Firmware K3C Firmware K2G Firmware +1
NVD
CVSS 3.1
7.4
EPSS
1.5%
CVE-2022-26521 HIGH POC This Week

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Abantecart
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
9.6%
CVE-2022-25225 HIGH POC This Week

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi PostgreSQL Network Olympus
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2022-0891 HIGH POC PATCH This Week

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Information Disclosure Libtiff Debian Linux +2
NVD
CVSS 3.1
7.1
EPSS
1.5%
CVE-2022-0905 HIGH POC PATCH This Week

Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Gitea
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-26846 HIGH PATCH This Week

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Spip Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-24915 HIGH This Week

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Ipdio Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-22985 HIGH This Week

The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Ipdio Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-0507 HIGH This Week

Found a potential security vulnerability inside the Pandora API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pandora Fms
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-24618 HIGH This Week

Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Heimdal Premium Security
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24750 HIGH PATCH This Week

UltraVNC is a free and open source remote pc access software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Ultravnc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-25815 HIGH This Week

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25814 HIGH This Week

PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-25325 HIGH This Week

Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-25294 HIGH This Week

Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Apple Insider Threat Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-25234 HIGH This Week

Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Information Disclosure Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-25230 HIGH This Week

Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-24960 HIGH This Week

A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Microsoft Pdftron
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-24931 HIGH This Week

Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-24928 HIGH This Week

Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-24286 HIGH This Week

Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Quickaccess
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24285 HIGH This Week

Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Care Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy