Skip to main content
CVE-2022-36536 CRITICAL POC Act Now

An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Syncovery
NVD VulDB
CVSS 3.1
9.8
EPSS
5.2%
CVE-2022-37258 CRITICAL POC Act Now

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Node.js Steal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-38621 CRITICAL POC THREAT Act Now

Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Doufox
NVD GitHub
CVSS 3.1
9.8
EPSS
24.1%
CVE-2022-38831 CRITICAL POC Act Now

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Rx9 Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38830 CRITICAL POC Act Now

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Rx9 Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38829 CRITICAL POC Act Now

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Rx9 Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-38828 CRITICAL POC THREAT Act Now

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.3%
CVE-2022-38827 CRITICAL POC THREAT Act Now

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.0%
CVE-2022-38826 CRITICAL POC Act Now

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-38823 CRITICAL POC Act Now

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass T6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-26959 CRITICAL POC Act Now

There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Northstar Club Management
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40300 CRITICAL PATCH Act Now

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Zoho SQLi Manageengine Access Manager Plus Manageengine Pam360 Manageengine Password Manager Pro
NVD
CVSS 3.1
9.8
EPSS
99.3%
CVE-2022-35939 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-3214 CRITICAL Act Now

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-39009 CRITICAL Act Now

The WLAN module has a vulnerability in permission verification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-39007 CRITICAL Act Now

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-39002 CRITICAL Act Now

Double free vulnerability in the storage module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-39000 CRITICAL Act Now

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-38999 CRITICAL Act Now

The AOD module has the improper update of reference count vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-25708 CRITICAL Act Now

Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 8 Gen1 5g Firmware Sd888 5G Firmware Sm7450 Firmware +14
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-25688 CRITICAL Act Now

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +147
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-25686 CRITICAL Act Now

Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Apq8017 Firmware Apq8053 Firmware Aqt1000 Firmware +104
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2022-22105 CRITICAL Act Now

Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Apq8009 Firmware Apq8017 Firmware +49
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-35938 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-35937 CRITICAL PATCH Act Now

TensorFlow is an open source platform for machine learning. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2022-39008 CRITICAL Act Now

The NFC module has bundle serialization/deserialization vulnerabilities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-39003 CRITICAL Act Now

Buffer overflow vulnerability in the video framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy