Skip to main content
CVE-2022-0686 CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%
CVE-2022-23848 CRITICAL PATCH Act Now

In Alluxio before 2.7.3, the logserver does not validate the input stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alluxio
NVD
CVSS 3.1
9.8
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy