Skip to main content
CVE-2022-22956 CRITICAL POC PATCH THREAT Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access
NVD GitHub
CVSS 3.1
9.8
EPSS
50.7%
CVE-2022-24816 CRITICAL POC KEV PATCH THREAT Act Now

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection Jai Ext
NVD GitHub
CVSS 3.1
10.0
EPSS
98.7%
CVE-2022-24845 CRITICAL POC PATCH Act Now

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Vyper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-1345 CRITICAL POC PATCH Act Now

Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Information Disclosure Organizr
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-1346 CRITICAL POC PATCH Act Now

Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Information Disclosure Organizr
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-1344 CRITICAL POC PATCH Act Now

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Information Disclosure Organizr
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2022-27479 CRITICAL PATCH Act Now

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-24788 CRITICAL PATCH Act Now

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-22955 CRITICAL PATCH Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access
NVD
CVSS 3.1
9.8
EPSS
8.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy