Skip to main content
CVE-2022-24637 CRITICAL POC PATCH THREAT Emergency

Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Open Web Analytics
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.1%
CVE-2021-45834 CRITICAL POC Act Now

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Opendocman
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-25578 CRITICAL POC Act Now

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Taocms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-26265 CRITICAL POC THREAT Act Now

Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Contao
NVD GitHub
CVSS 3.1
9.8
EPSS
30.4%
CVE-2022-25461 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25460 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25459 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25458 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25457 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25456 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25455 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25454 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25453 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25452 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25451 CRITICAL POC Act Now

Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25450 CRITICAL POC THREAT Act Now

Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
11.6%
CVE-2022-25449 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25448 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25447 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25446 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25445 CRITICAL POC Act Now

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.0%
CVE-2022-25441 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2022-25440 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25439 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25438 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2022-25437 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25435 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25434 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.1%
CVE-2022-25433 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25431 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25429 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25428 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-25427 CRITICAL POC Act Now

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-24595 CRITICAL POC Act Now

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kooky Koi
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-25390 CRITICAL Act Now

DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Dcme 520 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2022-27250 CRITICAL Act Now

The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unisoc Chipset
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-22642 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-22641 CRITICAL Act Now

A use after free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Apple Ipados +3
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-22635 CRITICAL Act Now

An out-of-bounds write issue was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple Ipados Iphone Os +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-22632 CRITICAL Act Now

A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-22587 CRITICAL KEV THREAT Act Now

A memory corruption issue was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Apple Ipados +2
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2022-22586 CRITICAL Act Now

An out-of-bounds write issue was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Apple macOS
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-0547 CRITICAL PATCH Act Now

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openvpn Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-27240 CRITICAL PATCH Act Now

scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Glewlwyd Sso Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy