Skip to main content
CVE-2022-25863 CRITICAL POC PATCH Act Now

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Gatsby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-25845 CRITICAL POC PATCH THREAT Act Now

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Fastjson Communications Cloud Native Core Unified Data Repository
NVD GitHub
CVSS 3.1
9.8
EPSS
17.8%
CVE-2022-24376 CRITICAL POC Act Now

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Promise
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-24278 CRITICAL POC PATCH Act Now

The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Convert Svg
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-31788 CRITICAL POC THREAT Act Now

IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Idealms
NVD GitHub
CVSS 3.1
9.8
EPSS
14.3%
CVE-2022-32981 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Buffer Overflow Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-24429 HIGH POC PATCH This Week

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Convert Svg Core
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-2042 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-27502 HIGH POC This Week

RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Vnc Server
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-25851 HIGH POC PATCH This Week

The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jpeg Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-21211 HIGH POC This Week

This affects all versions of package posix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Posix
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-32978 MEDIUM POC PATCH This Month

There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31402 MEDIUM POC This Month

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-32563 CRITICAL PATCH Act Now

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Sync Gateway
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-29095 CRITICAL Act Now

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2022-31287 MEDIUM POC This Month

An issue was discovered in Bento4 v1.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-31285 MEDIUM POC This Month

An issue was discovered in Bento4 1.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-31282 MEDIUM POC This Month

Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-22479 HIGH PATCH This Week

IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Spectrum Copy Data Management
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-29948 MEDIUM POC This Month

Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lepinep Kp001 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2022-29092 HIGH This Week

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31043 HIGH PATCH This Week

Guzzle is an open source PHP HTTP client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Drupal Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-31042 HIGH PATCH This Week

Guzzle is an open source PHP HTTP client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Drupal Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-29094 HIGH This Week

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Path Traversal Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-29093 HIGH This Week

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Path Traversal Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-30611 MEDIUM PATCH This Month

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Spectrum Copy Data Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-31769 MEDIUM PATCH This Month

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM PostgreSQL Spectrum Copy Data Management
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-30610 MEDIUM PATCH This Month

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Spectrum Copy Data Management
NVD
CVSS 3.1
4.5
EPSS
0.5%
CVE-2022-22426 LOW PATCH Monitor

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Authentication Bypass IBM Spectrum Copy Data Management
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy