Skip to main content
CVE-2022-46642 CRITICAL POC Act Now

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
3.1%
CVE-2022-46641 CRITICAL POC Act Now

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.9
EPSS
3.1%
CVE-2022-47945 CRITICAL POC PATCH THREAT Act Now

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal PHP Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
15.5%
CVE-2022-45711 CRITICAL POC THREAT Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
20.2%
CVE-2022-4686 CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-45721 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45720 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45719 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45718 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formIPMacBindAdd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45717 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-45716 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45715 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRange and pWanPortRange parameters in the formSetPortMapping function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45714 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formQOSRuleDel function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45712 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsForward function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45710 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45709 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-45708 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex parameter in the formDelPortMapping function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45707 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsHijack function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45706 CRITICAL Act Now

IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the hostname parameter in the formSetNetCheckTools function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow M50 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-47939 CRITICAL PATCH Act Now

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Linux Use After Free Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
9.8
EPSS
46.4%
CVE-2022-44567 CRITICAL Act Now

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection XSS Rocket Chat
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-23547 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Pjsip
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-28228 CRITICAL Act Now

Out-of-bounds read was discovered in YDB server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ydb
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-47931 CRITICAL PATCH Act Now

IO FinNet tss-lib before 2.0.0 allows a collision of hash values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tss Lib
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy