The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2022-37235 - Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat
    Published: September 22, 2022; 9:15:08 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-40250 - An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrar...
    Published: September 20, 2022; 2:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-40705 - ** UNSUPPORTED WHEN ASSIGNED ** An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later ve...
    Published: September 22, 2022; 5:15:09 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-34026 - ICEcoder v8.1 allows attackers to execute a directory traversal.
    Published: September 22, 2022; 2:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2021-27774 - User input included in error response, which could be used in a phishing attack.
    Published: September 22, 2022; 5:15:09 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2022-23458 - Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known w...
    Published: September 22, 2022; 6:15:09 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2022-31937 - Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd.
    Published: September 22, 2022; 6:15:09 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-36934 - An integer overflow in WhatsApp could result in remote code execution in an established video call.
    Published: September 22, 2022; 6:15:09 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-38573 - 10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function.
    Published: September 22, 2022; 8:15:09 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-40298 - Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the s...
    Published: September 22, 2022; 8:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2021-41803 - HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2.
    Published: September 22, 2022; 9:15:08 PM -0400

    V3.1: 7.1 HIGH

  • CVE-2022-37232 - Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.
    Published: September 22, 2022; 9:15:08 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-40851 - Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.
    Published: September 23, 2022; 11:15:14 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-40853 - Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set
    Published: September 23, 2022; 10:15:13 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-40860 - Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList
    Published: September 23, 2022; 10:15:13 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-40862 - Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting
    Published: September 23, 2022; 10:15:13 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-40864 - Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet
    Published: September 23, 2022; 10:15:13 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-40865 - Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/
    Published: September 23, 2022; 10:15:13 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-40869 - Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").
    Published: September 23, 2022; 10:15:13 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-35238 - Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.
    Published: September 23, 2022; 11:15:13 AM -0400

    V3.1: 5.3 MEDIUM