Skip to main content
CVE-2022-2112 HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Inventree
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-2111 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Inventree
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-25871 HIGH POC This Week

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Querymen
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-25856 HIGH POC PATCH This Week

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Argo Events
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25852 HIGH POC PATCH This Week

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Node.js Libpq Pg Native
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-25345 HIGH POC PATCH This Week

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-22138 HIGH POC This Week

All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fast String Search
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-21213 HIGH POC PATCH This Week

This affects all versions of package mout. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Mout
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-32276 HIGH POC This Week

Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Grafana
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2022-33912 HIGH This Week

A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Debian Checkmk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-45025 HIGH This Week

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ags Zena
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31083 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Node.js Apple Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-33915 HIGH This Week

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Race Condition Apache Java Hotpatch
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy