Skip to main content
CVE-2022-2992 CRITICAL POC THREAT Emergency

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Gitlab
NVD GitHub
CVSS 3.1
9.9
EPSS
86.2%
CVE-2022-42149 CRITICAL POC Act Now

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Kkfileview
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-0699 CRITICAL POC PATCH Act Now

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Shapelib
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42237 CRITICAL POC Act Now

A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Merchandise Online Store
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42171 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42170 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42169 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42168 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42167 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42166 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42154 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload 74Cmsse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42165 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42164 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42163 CRITICAL POC Act Now

Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-42980 CRITICAL POC Act Now

go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Go Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-32176 CRITICAL POC Act Now

In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gin Vue Admin
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2022-40055 CRITICAL Act Now

An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges via a brute force attack at the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Gpon Ont Titanium 2122A Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-2884 CRITICAL POC THREAT Act Now

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Gitlab Command Injection
NVD Exploit-DB
CVSS 3.1
9.9
EPSS
75.7%
CVE-2022-23770 CRITICAL Act Now

This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Smart Wing Cms
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-23769 CRITICAL Act Now

Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Reversewall Mds
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-22128 CRITICAL Act Now

Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Tableau Server
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-2052 CRITICAL Act Now

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Job Order Interface Oseon Trutops Boost +2
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy