Skip to main content
CVE-2022-42744 CRITICAL POC Act Now

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Candidats
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43109 CRITICAL POC Act Now

D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-43108 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43107 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43106 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43105 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43104 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43103 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43102 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43101 CRITICAL POC Act Now

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-39382 CRITICAL POC PATCH Act Now

Keystone is a headless CMS for Node.js - built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Keystone
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-38168 CRITICAL POC Act Now

Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Scopia Pathfinder 10 Pts Firmware Scopia Pathfinder 20 Pts Firmware
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-22425 CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-39323 CRITICAL Act Now

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
34.3%
CVE-2022-40747 CRITICAL PATCH Act Now

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Infosphere Information Server
NVD
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy