Skip to main content
CVE-2022-4366 HIGH POC PATCH This Week

Missing Authorization in GitHub repository lirantal/daloradius prior to master branch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Daloradius
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-45525 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45524 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45523 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45522 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45521 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45520 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45519 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45518 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45517 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45516 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45515 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45514 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45513 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45512 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45511 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45510 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45509 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45508 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45507 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45505 HIGH POC This Week

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45504 HIGH POC THREAT This Week

An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
18.3%
CVE-2022-45503 HIGH POC This Week

Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45501 HIGH POC This Week

Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45499 HIGH POC This Week

Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-45498 HIGH POC This Week

An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W6 S Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-44932 HIGH POC This Week

An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass A18 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-44931 HIGH POC This Week

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow A18 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-46829 HIGH This Week

In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jetbrains Gateway
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-46792 HIGH PATCH This Week

Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass PostgreSQL Graphql Engine
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-3262 HIGH This Week

A flaw was found in Openshift. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-37918 HIGH This Week

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Airwave
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-37917 HIGH This Week

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Airwave
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-37916 HIGH This Week

Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Airwave
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-46828 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Code Injection Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-46824 HIGH This Week

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Buffer Overflow Intellij Idea
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-44455 HIGH This Week

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39907 HIGH This Week

Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-3092 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3084 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23496 HIGH PATCH This Week

Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Yet Another Useragent Analyzer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-23495 HIGH PATCH This Week

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Merkledag
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-39902 HIGH This Week

Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Exynos Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-23476 HIGH PATCH This Week

Nokogiri is an open source XML and HTML library for the Ruby programming language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Nokogiri
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-23492 HIGH PATCH This Week

go-libp2p is the offical libp2p implementation in the Go programming language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libp2P
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39908 HIGH This Week

TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Samsung Buffer Overflow Android
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2022-41948 HIGH This Week

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dhis 2
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy