Skip to main content
CVE-2022-31003 CRITICAL POC PATCH Act Now

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Heap Overflow Sofia Sip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-1808 HIGH POC PATCH This Week

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Trudesk
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2022-1931 HIGH POC PATCH This Week

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Trudesk
NVD GitHub
CVSS 3.1
8.1
EPSS
2.0%
CVE-2022-1942 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-1934 HIGH POC PATCH This Week

Use After Free in GitHub repository mruby/mruby prior to 3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Mruby
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31005 HIGH POC PATCH This Week

Vapor is an HTTP web framework for Swift. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Vapor
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-31001 HIGH POC PATCH This Week

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Sofia Sip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-31002 HIGH POC PATCH This Week

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Sofia Sip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-1947 MEDIUM POC PATCH This Month

Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Trudesk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-31015 MEDIUM POC PATCH This Month

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Information Disclosure Waitress
NVD GitHub
CVSS 3.1
5.9
EPSS
1.3%
CVE-2022-29245 MEDIUM POC PATCH This Month

SSH.NET is a Secure Shell (SSH) library for .NET. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Information Disclosure Ssh Net
NVD GitHub
CVSS 3.1
5.9
EPSS
1.4%
CVE-2022-31013 CRITICAL PATCH Act Now

Chat Server is the chat server for Vartalap, an open-source messaging application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Chat Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-1893 MEDIUM POC PATCH This Month

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trudesk
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-1926 MEDIUM POC PATCH This Month

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Trudesk
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-31011 HIGH PATCH This Week

TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Tidb
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-23082 HIGH PATCH This Week

In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Curekit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31007 HIGH This Week

eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
CVSS 3.1
7.2
EPSS
26.1%
CVE-2022-29220 MEDIUM PATCH This Month

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Github Action Merge Dependabot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-22361 MEDIUM PATCH This Month

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-29258 MEDIUM PATCH This Month

XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30973 MEDIUM PATCH This Month

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2022-29243 MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy