Skip to main content
CVE-2022-32845 CRITICAL POC Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
10.0
EPSS
4.4%
CVE-2022-40122 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40121 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40120 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40119 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40118 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40117 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40116 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40115 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40114 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40113 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36944 CRITICAL POC PATCH Act Now

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Java Scala Scala Collection Compat +1
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2022-40868 CRITICAL POC Act Now

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40867 CRITICAL POC Act Now

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40866 CRITICAL POC Act Now

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40855 CRITICAL POC THREAT Act Now

Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption RCE Tenda +1
NVD GitHub
CVSS 3.1
9.8
EPSS
13.5%
CVE-2022-40854 CRITICAL POC Act Now

Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40851 CRITICAL POC Act Now

Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.5%
CVE-2022-40869 CRITICAL POC Act Now

Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list"). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40865 CRITICAL POC Act Now

Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40864 CRITICAL POC Act Now

Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40862 CRITICAL POC Act Now

Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40860 CRITICAL POC Act Now

Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40853 CRITICAL POC Act Now

Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-3236 CRITICAL POC KEV THREAT Act Now

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sophos Code Injection Firewall
NVD
CVSS 3.1
9.8
EPSS
98.9%
CVE-2022-3269 CRITICAL POC PATCH Act Now

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Session Fixation Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-38573 CRITICAL POC Act Now

10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Network Inventory Explorer
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-2347 HIGH POC CISA Act Now

There exists an unchecked length field in UBoot. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow U Boot
NVD
CVSS 3.1
7.7
EPSS
0.0%
Threat
5.0
CVE-2022-35248 HIGH POC This Week

A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-32211 HIGH POC This Week

A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rocket Chat
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-36338 HIGH POC This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Insydeh2o
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2022-30426 HIGH POC This Week

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Altos T110 F3 Firmware Ap130 F2 Firmware +32
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27492 HIGH POC This Week

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Whatsapp
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-41322 HIGH POC PATCH This Week

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Kitty Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38936 HIGH POC This Week

An issue has been found in PBC through 2022-8-27. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pbc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-40861 HIGH POC This Week

Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40093 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40092 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-40091 HIGH POC This Week

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours And Travels Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-30124 MEDIUM POC This Month

An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-32227 MEDIUM POC This Month

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-32220 MEDIUM POC This Month

An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3257 MEDIUM POC PATCH This Month

Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-40359 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kfm
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-40630 CRITICAL Act Now

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation En6200 Prime Quad 35 Firmware En6200 Prime Quad 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40100 CRITICAL Act Now

Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Command Injection I9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-40628 CRITICAL Act Now

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection En6200 Prime Quad 35 Firmware En6200 Prime Quad 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-38742 CRITICAL Act Now

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell RCE Heap Overflow Buffer Overflow Thinmanager
NVD
CVSS 3.1
9.8
EPSS
21.8%
CVE-2022-2972 CRITICAL Act Now

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Libiec61850
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2970 CRITICAL Act Now

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Libiec61850
NVD
CVSS 3.1
9.8
EPSS
1.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy