Skip to main content
CVE-2022-45942 HIGH POC THREAT This Week

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Baijiacms
NVD GitHub
CVSS 3.1
8.8
EPSS
22.0%
CVE-2022-42046 HIGH POC This Week

wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary user to perform local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heaven Burns Red
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-4515 HIGH POC This Week

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exuberant Ctags Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-47578 HIGH POC This Week

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Device Control Plus
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-47577 HIGH POC This Week

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho Microsoft Authentication Bypass Manageengine Device Control Plus
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-38873 HIGH POC This Week

D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dap 2310 Firmware Dap 2330 Firmware Dap 2360 Firmware +6
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-46076 HIGH POC This Week

D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 869Ax Firmware Dir 869 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-46551 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46550 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46549 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46548 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46547 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46546 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46545 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46544 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the cmdinput parameter at /goform/exeCommand. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46543 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mitInterface parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46542 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46541 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the ssid parameter at /goform/fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46540 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46539 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security_5g parameter at /goform/WifiBasicSet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46537 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security parameter at /goform/WifiBasicSet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46536 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeedUp parameter at /goform/SetClientState. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46535 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/SetClientState. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46534 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46533 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeed parameter at /goform/SetClientState. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46532 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46531 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/addWifiMacFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46530 HIGH POC This Week

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45666 HIGH POC This Week

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow I22 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-45665 HIGH POC This Week

Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow I22 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-25940 HIGH POC This Week

All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lite Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25931 HIGH POC This Week

All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Easy Static Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-46914 HIGH This Week

An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wa801N Firmware Tl Wa801Nd V1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46912 HIGH This Week

An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr841n Firmware Tl Wr841Nd V7 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46910 HIGH This Week

An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wa901N Firmware Tl Wa901Nd V1 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46435 HIGH This Week

An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr941Nd V2 Firmware Tl Wr941Nd V3 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-44643 HIGH PATCH This Week

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Grafana Enterprise Metrics
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-38733 HIGH This Week

OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerability in the Data Warehouse component. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oncommand Insight
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2022-46424 HIGH This Week

An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Denial Of Service Netgear Xwn5001 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-46423 HIGH This Week

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Denial Of Service Netgear Wnr2000 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-46328 HIGH PATCH This Week

Some smartphones have the input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46322 HIGH PATCH This Week

Some smartphones have the out-of-bounds write vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46321 HIGH PATCH This Week

The Wi-Fi module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46317 HIGH PATCH This Week

The power consumption module has an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46315 HIGH PATCH This Week

The ProfileSDK has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-46314 HIGH PATCH This Week

The IPC module has defects introduced in the design process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-46312 HIGH PATCH This Week

The application management module has a vulnerability in permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-46311 HIGH PATCH This Week

The contacts component has a free (undefined) provider vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-46310 HIGH PATCH This Week

The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41599 HIGH PATCH This Week

The system service has a vulnerability that causes incorrect return values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy