Skip to main content
CVE-2022-34066 CRITICAL POC PATCH Act Now

The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Texercise
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34065 CRITICAL POC Act Now

The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rondolu Yt Concate
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34061 CRITICAL POC PATCH Act Now

The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Catly Translate
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34060 CRITICAL POC Act Now

The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Togglee
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34059 CRITICAL POC Act Now

The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Sixfab Tool
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-34056 CRITICAL POC Act Now

The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Watertools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-34055 CRITICAL POC Act Now

The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Drxhello
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-34054 CRITICAL POC PATCH Act Now

The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Perdido
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-34053 CRITICAL POC Act Now

The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Dr Web Engine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33004 CRITICAL POC PATCH Act Now

The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Beginner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33003 CRITICAL POC Act Now

The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Watools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33002 CRITICAL POC Act Now

The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Explore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33001 CRITICAL POC Act Now

The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Aamiles
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-33000 CRITICAL POC PATCH Act Now

The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ml Scanner
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32999 CRITICAL POC Act Now

The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cloudlabeling
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32998 CRITICAL POC PATCH Act Now

The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cryptoasset Data Downloader
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32997 CRITICAL POC PATCH Act Now

The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Rootinteractive
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32996 CRITICAL POC PATCH Act Now

The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Django Navbar Client
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-30885 CRITICAL POC PATCH Act Now

The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Pyesasky
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-21231 CRITICAL POC Act Now

All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Deep Get Set
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-34064 CRITICAL Act Now

The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zibal
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-34057 CRITICAL Act Now

The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Scoptrial
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-31767 CRITICAL Act Now

IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Command Injection Cics Tx
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2022-2120 CRITICAL Act Now

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Dcmtk
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-2119 CRITICAL Act Now

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Dcmtk
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-2104 CRITICAL Act Now

The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apache Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-28620 CRITICAL Act Now

A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Slingshot Firmware Cray Ex Supercomputers Firmware Cray Sh Supercomputer Air Cooled Base System Code Firmware Cray Sh Supercomputer Liquid Cooled Base System Code Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-23170 CRITICAL Act Now

SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Okta Sso
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-21829 CRITICAL PATCH Act Now

Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concrete Cms
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-1668 CRITICAL Act Now

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-1519 CRITICAL Act Now

LRM does not restrict the types of files that can be uploaded to the affected product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Local Run Manager
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-1518 CRITICAL Act Now

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Local Run Manager
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-1517 CRITICAL Act Now

LRM utilizes elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Local Run Manager
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-31806 CRITICAL Act Now

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-31802 CRITICAL Act Now

In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gateway
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-30117 CRITICAL PATCH Act Now

Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Concrete Cms
NVD
CVSS 3.1
9.1
EPSS
2.0%
CVE-2022-2105 CRITICAL Act Now

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-2103 CRITICAL Act Now

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-1521 CRITICAL Act Now

LRM does not implement authentication or authorization by default. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Local Run Manager
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy