Skip to main content
CVE-2022-34592 CRITICAL POC Act Now

Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn575A3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-32449 CRITICAL POC THREAT Act Now

TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex300 V2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
18.4%
CVE-2022-32056 CRITICAL POC Act Now

Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Accreditation Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-32054 CRITICAL POC THREAT Act Now

Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda RCE Command Injection Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
31.7%
CVE-2022-32207 CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-25046 CRITICAL POC THREAT Act Now

A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal Webpanel
NVD GitHub
CVSS 3.1
9.8
EPSS
53.5%
CVE-2022-33936 CRITICAL Act Now

Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Cloud Mobility For Dell Emc Storage
NVD
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy