Skip to main content
CVE-2022-26612 CRITICAL POC PATCH Act Now

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Microsoft Hadoop
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2022-27022 CRITICAL POC Act Now

There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-27016 CRITICAL POC Act Now

There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-23900 CRITICAL POC Act Now

A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn531P3 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-26676 CRITICAL Act Now

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation A Hrd
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27818 CRITICAL PATCH Act Now

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Denial Of Service Information Disclosure Swhkd
NVD GitHub
CVSS 3.1
9.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy