Skip to main content
CVE-2022-46020 CRITICAL POC THREAT Act Now

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wbce Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
39.0%
CVE-2022-46538 CRITICAL POC Act Now

Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection F1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-40624 CRITICAL POC THREAT Act Now

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pfblockerng
NVD GitHub
CVSS 3.1
9.8
EPSS
17.1%
CVE-2022-25904 CRITICAL POC Act Now

All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Safe Eval
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-25171 CRITICAL POC PATCH Act Now

The package p4 before 0.0.7 are vulnerable to Command Injection via the run() function due to improper input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection P4
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-47629 CRITICAL PATCH Act Now

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libksba Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-46327 CRITICAL PATCH Act Now

Some smartphones have configuration issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-46326 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46325 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46324 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46323 CRITICAL PATCH Act Now

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46320 CRITICAL PATCH Act Now

The kernel module has an out-of-bounds read vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46319 CRITICAL PATCH Act Now

Fingerprint calibration has a vulnerability of lacking boundary judgment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46316 CRITICAL PATCH Act Now

A thread security vulnerability exists in the authentication process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-23542 CRITICAL PATCH Act Now

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Openfga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-23537 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-46421 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Command Injection Apache Airflow Providers Apache Hive
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy