Skip to main content
CVE-2022-44938 CRITICAL POC Act Now

Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seeddms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45506 CRITICAL POC Act Now

Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-45497 CRITICAL POC Act Now

Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W6 S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-4354 CRITICAL POC Act Now

A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pb Cms
NVD VulDB
CVSS 3.1
9.6
EPSS
0.5%
CVE-2022-4364 MEDIUM POC THREAT This Month

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

Command Injection PHP Flir Ax8 Firmware
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
13.4%
CVE-2022-4366 HIGH POC PATCH This Week

Missing Authorization in GitHub repository lirantal/daloradius prior to master branch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Daloradius
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45525 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45524 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45523 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45522 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45521 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45520 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45519 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45518 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45517 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45516 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45515 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45514 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45513 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45512 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45511 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45510 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45509 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45508 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45507 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45505 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45504 HIGH POC THREAT This Week

An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
18.3%
CVE-2022-45503 HIGH POC This Week

Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45501 HIGH POC This Week

Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45499 HIGH POC This Week

Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45498 HIGH POC This Week

An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44932 HIGH POC This Week

An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass A18 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-44931 HIGH POC This Week

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow A18 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-4349 MEDIUM POC This Month

A vulnerability classified as problematic has been found in CTF-hacker pwn. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Authentication Bypass Pwn
NVD VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-38599 MEDIUM POC This Month

Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Teleport
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-23469 MEDIUM POC PATCH This Month

Traefik is an open source HTTP reverse proxy and load balancer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Traefik
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-4261 MEDIUM POC This Month

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insightvm Nexpose
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4350 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mcms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4348 MEDIUM POC This Month

A vulnerability was found in y_project RuoYi-Cloud. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruoyi Cloud
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4291 CRITICAL Act Now

The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Script Shield
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2022-33186 CRITICAL Act Now

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-4353 MEDIUM POC This Month

A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pb Cms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4347 MEDIUM POC This Month

A vulnerability was found in xiandafu beetl-bbs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Beetl Bbs
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40939 MEDIUM POC This Month

In certain Secustation products the administrator account password can be read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secustation Firmware
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-46829 HIGH This Week

In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jetbrains Gateway
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-3260 MEDIUM POC This Month

The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openshift
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-46792 HIGH PATCH This Week

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass PostgreSQL Graphql Engine
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-3262 HIGH This Week

A flaw was found in Openshift. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-37918 HIGH This Week

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Airwave
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-37917 HIGH This Week

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Airwave
NVD
CVSS 3.1
8.1
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy