Skip to main content
CVE-2022-38326 CRITICAL POC Act Now

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-38325 CRITICAL POC Act Now

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-37861 CRITICAL POC Act Now

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tws 100 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-38352 CRITICAL POC THREAT Act Now

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
20.2%
CVE-2022-37257 CRITICAL Act Now

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Prototype Pollution Steal
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37264 CRITICAL Act Now

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2471 CRITICAL Act Now

Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Cs C6N A0 1C2Wfr Firmware Cs Db1C A0 1E2W2Fr Firmware Cs C6N B0 1G2Wf Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-37266 CRITICAL Act Now

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-38789 CRITICAL Act Now

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Air 4920 Firmware Air 4921 Firmware Air 4971 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy