Skip to main content
CVE-2022-0686 CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%
CVE-2022-25372 HIGH POC PATCH This Week

Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Pritunl Client Electron
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-0685 HIGH POC PATCH This Week

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2022-23848 CRITICAL PATCH Act Now

In Alluxio before 2.7.3, the logserver does not validate the input stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alluxio
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-0688 MEDIUM POC PATCH This Month

Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-23054 MEDIUM PATCH This Month

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openmct
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23053 MEDIUM PATCH This Month

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openmct
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-22126 MEDIUM PATCH This Month

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Web Page” element, that allows the injection of malicious JavaScript into the ‘URL’ field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openmct
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-25375 MEDIUM PATCH This Month

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy