Skip to main content
CVE-2022-25898 CRITICAL POC PATCH Act Now

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Jsrsasign
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-32324 CRITICAL POC Act Now

PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Pdfalto
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-32095 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-32094 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
7.5%
CVE-2022-32093 CRITICAL POC Act Now

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31943 CRITICAL POC Act Now

MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-25900 CRITICAL POC Act Now

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Clone
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-32032 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.4%
CVE-2022-2274 CRITICAL POC PATCH THREAT Act Now

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE OpenSSL Buffer Overflow Snapcenter +5
NVD GitHub
CVSS 3.1
9.8
EPSS
44.9%
CVE-2022-32384 HIGH POC This Week

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac23 Ac2100 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-32420 HIGH POC THREAT This Week

College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE College Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
18.9%
CVE-2022-2185 HIGH POC THREAT This Week

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Gitlab Command Injection
NVD
CVSS 3.1
8.8
EPSS
76.9%
CVE-2022-2264 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-32091 HIGH POC This Week

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-32089 HIGH POC This Week

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-32088 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32087 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-32086 HIGH POC This Week

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-32085 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32084 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-32083 HIGH POC This Week

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32082 HIGH POC This Week

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service MariaDB Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32081 HIGH POC This Week

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-25758 HIGH POC PATCH This Week

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Scss Tokenizer
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-32053 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32052 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32051 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32050 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32049 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32048 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32047 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32046 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32045 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32044 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32043 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32041 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32040 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32039 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32037 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32036 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32035 HIGH POC THREAT This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
13.4%
CVE-2022-32034 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32033 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32031 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32030 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-33099 HIGH POC PATCH This Week

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Lua Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-32412 HIGH POC This Week

An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hongcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32411 HIGH POC This Week

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hongcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-34903 MEDIUM POC PATCH This Month

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Gnupg Fedora Debian Linux Active Iq Unified Manager +1
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2022-32325 MEDIUM POC This Month

JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jpegoptim Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy