Skip to main content
CVE-2022-31526 CRITICAL POC Act Now

The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Thunderdocs
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31525 CRITICAL POC Act Now

The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Deep Learning Studio
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31524 CRITICAL POC Act Now

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Pure Swagger
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31523 CRITICAL POC Act Now

The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Anakin
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31522 CRITICAL POC Act Now

The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Karaokey
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31521 CRITICAL POC Act Now

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mosaic
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31520 CRITICAL POC Act Now

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Logstash Management Api
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31519 CRITICAL POC Act Now

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Windmill
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31518 CRITICAL POC Act Now

The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Recipe Database
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31517 CRITICAL POC Act Now

The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mercury Sample Manager
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31516 CRITICAL POC Act Now

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Harveyzyh Python
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31515 CRITICAL POC Act Now

The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Carceresbe
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31514 CRITICAL POC Act Now

The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Fan Platform
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31513 CRITICAL POC Act Now

The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Krypton
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31512 CRITICAL POC Act Now

The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask Mvc
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31511 CRITICAL POC Act Now

The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Equanimity
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31510 CRITICAL POC PATCH Act Now

The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Simple Rat
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31509 CRITICAL POC Act Now

The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Usap Dc Web Submission And Dataset Search
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31508 CRITICAL POC PATCH Act Now

The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal E Voting
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31507 CRITICAL POC PATCH Act Now

The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Ganga
NVD GitHub
CVSS 3.1
9.3
EPSS
1.6%
CVE-2022-31506 CRITICAL POC PATCH Act Now

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Opendiamond
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31505 CRITICAL POC Act Now

The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mercadoenlineaback
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31504 CRITICAL POC Act Now

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Baiduwenkuspider Flaskweb
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31503 CRITICAL POC PATCH Act Now

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Orchest
NVD GitHub
CVSS 3.1
9.3
EPSS
1.6%
CVE-2022-31502 CRITICAL POC PATCH Act Now

The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Wormnest
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31501 CRITICAL POC PATCH Act Now

The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Onyxforum
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31140 CRITICAL POC PATCH Act Now

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Information Disclosure Valinor
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-31138 HIGH POC PATCH This Week

mailcow is a mailserver suite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Mailcow
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2022-35414 HIGH POC PATCH This Week

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-31073 HIGH POC PATCH This Week

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31578 HIGH POC This Week

The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Bt Lnmp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-2091 MEDIUM POC This Month

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Cache Images
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1732 MEDIUM POC This Month

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF WordPress Rename Wp Login
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1599 MEDIUM POC This Month

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Admin Management Xtended
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1576 MEDIUM POC This Month

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Maintenance Mode Coming Soon
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2092 MEDIUM POC This Month

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocommerce Pdf Invoices Packing Slips
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1951 MEDIUM POC This Month

The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Core Plugin For Kitestudio Themes
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1937 MEDIUM POC This Month

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Awin Data Feed
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-1910 MEDIUM POC This Month

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-1546 MEDIUM POC This Month

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocommerce Product Importer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1474 MEDIUM POC This Month

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Event Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1220 MEDIUM POC This Month

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Foxyshop
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-35416 MEDIUM POC This Month

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ssl Vpn
NVD GitHub
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-2302 CRITICAL Act Now

Multiple Lenze products of the cabinet series skip the password verification upon second login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C520 Firmware C550 Firmware C750 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32294 CRITICAL Act Now

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Collaboration
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-31570 CRITICAL Act Now

The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Ceneo Web Scrapper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1938 MEDIUM POC This Month

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Awin Data Feed
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1757 MEDIUM POC This Month

The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Pagebar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1626 MEDIUM POC This Month

The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Sharebar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-31579 CRITICAL Act Now

The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Iasset
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy