Skip to main content
CVE-2022-25301 CRITICAL POC Act Now

All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Jsgui Lang Essentials
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25842 CRITICAL POC PATCH Act Now

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal One Java Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-25767 CRITICAL POC Act Now

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Ureport2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-24437 CRITICAL POC PATCH Act Now

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Pull Or Clone
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-23923 CRITICAL POC Act Now

All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jailed
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-22143 CRITICAL POC PATCH Act Now

The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Convict
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-21189 CRITICAL POC PATCH Act Now

The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dexie
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-28481 CRITICAL POC PATCH Act Now

CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Csv Safe
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-21167 CRITICAL Act Now

All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Masuit Tools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy