Skip to main content
CVE-2022-25645 HIGH POC PATCH This Week

All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Prototype Pollution Dset
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-1544 HIGH POC PATCH This Week

Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Yii Helpers
NVD GitHub
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-26068 HIGH POC This Week

This affects the package pistacheio/pistache before 0.0.3.20220425. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pistache
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-25850 HIGH POC PATCH This Week

The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Proxyscotch
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-25844 HIGH POC This Week

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Angularjs Fedora Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2022-21144 HIGH POC PATCH This Week

This affects all versions of package libxmljs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libxmljs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25647 HIGH PATCH This Week

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required.

Deserialization Google Gson Debian Linux Active Iq Unified Manager +3
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
2.8%
CVE-2022-21227 HIGH PATCH This Week

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite3
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy