Skip to main content
CVE-2022-46020 CRITICAL POC THREAT Act Now

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wbce Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
39.0%
CVE-2022-46538 CRITICAL POC Act Now

Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection F1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-40624 CRITICAL POC THREAT Act Now

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pfblockerng
NVD GitHub
CVSS 3.1
9.8
EPSS
17.1%
CVE-2022-25904 CRITICAL POC Act Now

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Safe Eval
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-25171 CRITICAL POC PATCH Act Now

The package p4 before 0.0.7 are vulnerable to Command Injection via the run() function due to improper input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection P4
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-45942 HIGH POC THREAT This Week

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Baijiacms
NVD GitHub
CVSS 3.1
8.8
EPSS
22.0%
CVE-2022-42046 HIGH POC This Week

wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary user to perform local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heaven Burns Red
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-4515 HIGH POC This Week

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exuberant Ctags Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-47578 HIGH POC This Week

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Device Control Plus
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-47577 HIGH POC This Week

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho Microsoft Authentication Bypass Manageengine Device Control Plus
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-38873 HIGH POC This Week

D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware Dap 2360 Firmware +6
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-46076 HIGH POC This Week

D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 869Ax Firmware Dir 869 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-46551 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46550 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46549 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46548 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46547 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46546 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46545 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46544 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the cmdinput parameter at /goform/exeCommand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46543 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mitInterface parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46542 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46541 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the ssid parameter at /goform/fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46540 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46539 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security_5g parameter at /goform/WifiBasicSet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46537 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security parameter at /goform/WifiBasicSet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46536 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeedUp parameter at /goform/SetClientState. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46535 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/SetClientState. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46534 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46533 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeed parameter at /goform/SetClientState. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46532 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46531 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/addWifiMacFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46530 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45666 HIGH POC This Week

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow I22 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45665 HIGH POC This Week

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow I22 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-25940 HIGH POC This Week

All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lite Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25931 HIGH POC This Week

All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Easy Static Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-47629 CRITICAL PATCH Act Now

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libksba Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-46327 CRITICAL PATCH Act Now

Some smartphones have configuration issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-46326 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46325 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46324 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46323 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46320 CRITICAL PATCH Act Now

The kernel module has an out-of-bounds read vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46319 CRITICAL PATCH Act Now

Fingerprint calibration has a vulnerability of lacking boundary judgment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46316 CRITICAL PATCH Act Now

A thread security vulnerability exists in the authentication process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-23542 CRITICAL PATCH Act Now

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Openfga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-23537 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-46421 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Command Injection Apache Airflow Providers Apache Hive
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-46914 HIGH This Week

An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wa801N Firmware Tl Wa801Nd V1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy