Skip to main content
CVE-2022-32384 HIGH POC This Week

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac23 Ac2100 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-32420 HIGH POC THREAT This Week

College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE College Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
18.9%
CVE-2022-2185 HIGH POC THREAT This Week

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Gitlab Command Injection
NVD
CVSS 3.1
8.8
EPSS
76.9%
CVE-2022-2264 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-32091 HIGH POC This Week

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-32089 HIGH POC This Week

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-32088 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32087 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-32086 HIGH POC This Week

MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-32085 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32084 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-32083 HIGH POC This Week

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32082 HIGH POC This Week

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service MariaDB Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32081 HIGH POC This Week

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-25758 HIGH POC PATCH This Week

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Scss Tokenizer
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-32053 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32052 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32051 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32050 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32049 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32048 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32047 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32046 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32045 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32044 HIGH POC This Week

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32043 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32041 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32040 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32039 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32037 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32036 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32035 HIGH POC THREAT This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
13.4%
CVE-2022-32034 HIGH POC This Week

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow M3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32033 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32031 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32030 HIGH POC This Week

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Memory Corruption Buffer Overflow Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-33099 HIGH POC PATCH This Week

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Lua Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-32412 HIGH POC This Week

An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hongcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-32411 HIGH POC This Week

An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hongcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-33103 HIGH This Week

Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2229 HIGH This Week

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-27904 HIGH This Week

Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. Rated high severity (CVSS 7.0). No vendor patch available.

Apple Information Disclosure Automox
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy