Skip to main content
CVE-2022-31787 CRITICAL POC Act Now

IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ideatms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-31361 CRITICAL POC Act Now

Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Docebo
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-33127 CRITICAL PATCH Act Now

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Diffy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-32554 CRITICAL Act Now

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Purity Fa Purity Fb
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32535 CRITICAL Act Now

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Pra Es8P2S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-32534 CRITICAL Act Now

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Pra Es8P2S Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-22980 CRITICAL PATCH Act Now

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection Spring Data Mongodb
NVD
CVSS 3.1
9.8
EPSS
16.9%
CVE-2022-34181 CRITICAL PATCH Act Now

Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Xunit
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy