Skip to main content
CVE-2022-25863 CRITICAL POC PATCH Act Now

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Gatsby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-25845 CRITICAL POC PATCH THREAT Act Now

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Fastjson Communications Cloud Native Core Unified Data Repository
NVD GitHub
CVSS 3.1
9.8
EPSS
17.8%
CVE-2022-24376 CRITICAL POC Act Now

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Promise
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-24278 CRITICAL POC PATCH Act Now

The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Convert Svg
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-31788 CRITICAL POC THREAT Act Now

IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Idealms
NVD GitHub
CVSS 3.1
9.8
EPSS
14.3%
CVE-2022-32563 CRITICAL PATCH Act Now

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Sync Gateway
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-29095 CRITICAL Act Now

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
9.6
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy