Skip to main content
CVE-2022-40876 CRITICAL POC Act Now

In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda RCE Buffer Overflow Ax1803 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-39976 CRITICAL POC Act Now

School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Activity Updates With Sms Notification
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-43367 CRITICAL POC Act Now

IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ew9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2022-3386 CRITICAL Act Now

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow R Seenet
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-3385 CRITICAL Act Now

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow R Seenet
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-3095 CRITICAL Act Now

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dart Software Development Kit Flutter
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39365 CRITICAL PATCH Act Now

Pimcore is an open source data and experience management platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Pimcore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-3714 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Online Medicine Ordering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Medicine Ordering System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-2782 CRITICAL Act Now

In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy