Skip to main content
CVE-2022-0845 CRITICAL POC PATCH Act Now

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Pytorch Lightning
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-25069 CRITICAL POC PATCH Act Now

Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to perform remote code execution (RCE) via injecting a crafted payload into. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Marktext
NVD GitHub
CVSS 3.1
9.6
EPSS
1.8%
CVE-2022-25465 HIGH POC This Week

Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Espruino
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-25044 HIGH POC PATCH This Week

Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Espruino
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-0849 MEDIUM POC PATCH This Month

Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-25312 CRITICAL PATCH Act Now

An XML external entity (XXE) injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions < 2.7. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache XXE Any23
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2022-24921 HIGH PATCH This Week

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Astra Trident Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy