Skip to main content
CVE-2022-32845 CRITICAL POC Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
10.0
EPSS
4.4%
CVE-2022-40122 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer_action.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40121 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/manage_customers.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40120 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/customer_transactions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40119 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40118 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds_action.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40117 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_customer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40116 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40115 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40114 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-40113 CRITICAL POC Act Now

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/send_funds.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-36944 CRITICAL POC PATCH Act Now

Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Java Scala Scala Collection Compat +1
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2022-40868 CRITICAL POC Act Now

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40867 CRITICAL POC Act Now

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40866 CRITICAL POC Act Now

Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W20e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40855 CRITICAL POC THREAT Act Now

Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption RCE Tenda +1
NVD GitHub
CVSS 3.1
9.8
EPSS
13.5%
CVE-2022-40854 CRITICAL POC Act Now

Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40851 CRITICAL POC Act Now

Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.5%
CVE-2022-40869 CRITICAL POC Act Now

Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list"). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40865 CRITICAL POC Act Now

Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40864 CRITICAL POC Act Now

Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40862 CRITICAL POC Act Now

Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-40860 CRITICAL POC Act Now

Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-40853 CRITICAL POC Act Now

Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-3236 CRITICAL POC KEV THREAT Act Now

A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sophos Code Injection Firewall
NVD
CVSS 3.1
9.8
EPSS
98.9%
CVE-2022-3269 CRITICAL POC PATCH Act Now

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Session Fixation Rdiffweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-38573 CRITICAL POC Act Now

10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Network Inventory Explorer
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-40630 CRITICAL Act Now

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper session management in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation En6200 Prime Quad 35 Firmware En6200 Prime Quad 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40100 CRITICAL Act Now

Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Command Injection I9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-40628 CRITICAL Act Now

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to improper control of code generation in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection En6200 Prime Quad 35 Firmware En6200 Prime Quad 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-38742 CRITICAL Act Now

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell RCE Heap Overflow Buffer Overflow Thinmanager
NVD
CVSS 3.1
9.8
EPSS
21.8%
CVE-2022-2972 CRITICAL Act Now

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Libiec61850
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2970 CRITICAL Act Now

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Libiec61850
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-2070 CRITICAL POC Act Now

In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Gds3710 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.4%
CVE-2022-2025 CRITICAL POC Act Now

an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Gds3710 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2022-26112 CRITICAL PATCH Act Now

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Apache Code Injection Pinot
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-35951 CRITICAL Act Now

Redis is an in-memory database that persists on disk. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Redis RCE Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-37235 CRITICAL Act Now

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Netgear Buffer Overflow R7000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-37232 CRITICAL Act Now

Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Netgear Buffer Overflow Wnr2000V4 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-32847 CRITICAL Act Now

This issue was addressed with improved checks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
9.1
EPSS
2.6%
CVE-2022-23144 CRITICAL Act Now

There is a broken access control vulnerability in ZTE ZXvSTB product. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zte Zxa10 B76Hv3 Firmware Zxa10 B766V2 Firmware Zxa10 B800V2 Firmware +12
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-39227 CRITICAL PATCH Act Now

python-jwt is a module for generating and verifying JSON Web Tokens. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Python Python Jwt
NVD GitHub
CVSS 3.1
9.1
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy