Skip to main content
CVE-2022-1952 CRITICAL POC THREAT Act Now

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress File Upload Easync
NVD WPScan
CVSS 3.1
9.8
EPSS
23.5%
CVE-2022-1057 CRITICAL POC Act Now

The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Pricing Deals For Woocommerce
NVD WPScan
CVSS 3.1
9.8
EPSS
7.9%
CVE-2022-2368 CRITICAL POC PATCH Act Now

Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microweber
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-31588 CRITICAL POC Act Now

The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Testplatform
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31587 CRITICAL POC Act Now

The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Kg Fashion Chatbot
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31586 CRITICAL POC Act Now

The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Changepop Back
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31585 CRITICAL POC Act Now

The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Home Internet
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31584 CRITICAL POC Act Now

The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal S3Label
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31583 CRITICAL POC Act Now

The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Automatedquizeval
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31582 CRITICAL POC Act Now

The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Videoserver
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31581 CRITICAL POC Act Now

The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Openmf
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31580 CRITICAL POC Act Now

The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Caretakerr Api
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31576 CRITICAL POC Act Now

The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Shackerpanel
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31575 CRITICAL POC Act Now

The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Livro Python
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31574 CRITICAL POC Act Now

The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Realestate
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31573 CRITICAL POC Act Now

The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Chainerrl Visualizer
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31572 CRITICAL POC Act Now

The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Cockybook
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31571 CRITICAL POC Act Now

The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Flask Restful Api
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31568 CRITICAL POC Act Now

The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Rex Web
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31567 CRITICAL POC Act Now

The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Data Stream Algorithm Benchmark
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31556 CRITICAL POC Act Now

The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Trainenergyserver
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31555 CRITICAL POC Act Now

The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Nurse Quest
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31554 CRITICAL POC Act Now

The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Movie Review Sentiment Analysis
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31553 CRITICAL POC Act Now

The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Sleep Learner
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31552 CRITICAL POC Act Now

The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Anuvaad Corpus
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31551 CRITICAL POC Act Now

The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask Mongo Skel
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31550 CRITICAL POC Act Now

The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Athena Stack
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31549 CRITICAL POC PATCH Act Now

The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Helm Flask Celery
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31548 CRITICAL POC Act Now

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Homepage
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31547 CRITICAL POC Act Now

The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Sphere
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31546 CRITICAL POC Act Now

The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Glance
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31545 CRITICAL POC Act Now

The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Modelconverter
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31544 CRITICAL POC Act Now

The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Robo Tom
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31543 CRITICAL POC Act Now

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Setupbox
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31542 CRITICAL POC Act Now

The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mdweb
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31541 CRITICAL POC Act Now

The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Barry Voice Assistant
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31540 CRITICAL POC Act Now

The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Hin Eng Preprocessing
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31539 CRITICAL POC Act Now

The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Kotekan
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31538 CRITICAL POC Act Now

The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mp M08 Interface
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31537 CRITICAL POC Act Now

The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Solar System Simulator
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31536 CRITICAL POC Act Now

The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Ytdl Sync
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31535 CRITICAL POC Act Now

The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Fishtank
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31534 CRITICAL POC Act Now

The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Pythonweb
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31533 CRITICAL POC Act Now

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Umbral
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31532 CRITICAL POC Act Now

The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Travel Blahg
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31531 CRITICAL POC Act Now

The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Cilantro
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31530 CRITICAL POC Act Now

The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Csm Server
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31529 CRITICAL POC Act Now

The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Monorepo
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31528 CRITICAL POC Act Now

The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Bonn Activity Maps Annotation Tool
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31527 CRITICAL POC Act Now

The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask File Server
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy