Skip to main content
CVE-2022-31526 CRITICAL POC Act Now

The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Thunderdocs
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31525 CRITICAL POC Act Now

The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Deep Learning Studio
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31524 CRITICAL POC Act Now

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Pure Swagger
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31523 CRITICAL POC Act Now

The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Anakin
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31522 CRITICAL POC Act Now

The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Karaokey
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31521 CRITICAL POC Act Now

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mosaic
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31520 CRITICAL POC Act Now

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Logstash Management Api
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31519 CRITICAL POC Act Now

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Windmill
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31518 CRITICAL POC Act Now

The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Python Recipe Database
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31517 CRITICAL POC Act Now

The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mercury Sample Manager
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31516 CRITICAL POC Act Now

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Harveyzyh Python
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31515 CRITICAL POC Act Now

The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Carceresbe
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31514 CRITICAL POC Act Now

The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Fan Platform
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31513 CRITICAL POC Act Now

The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Krypton
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31512 CRITICAL POC Act Now

The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Flask Mvc
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31511 CRITICAL POC Act Now

The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Equanimity
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31510 CRITICAL POC PATCH Act Now

The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Simple Rat
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31509 CRITICAL POC Act Now

The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Usap Dc Web Submission And Dataset Search
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31508 CRITICAL POC PATCH Act Now

The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal E Voting
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31507 CRITICAL POC PATCH Act Now

The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Ganga
NVD GitHub
CVSS 3.1
9.3
EPSS
1.6%
CVE-2022-31506 CRITICAL POC PATCH Act Now

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Opendiamond
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31505 CRITICAL POC Act Now

The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Mercadoenlineaback
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31504 CRITICAL POC Act Now

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Baiduwenkuspider Flaskweb
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31503 CRITICAL POC PATCH Act Now

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Orchest
NVD GitHub
CVSS 3.1
9.3
EPSS
1.6%
CVE-2022-31502 CRITICAL POC PATCH Act Now

The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Path Traversal Wormnest
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31501 CRITICAL POC PATCH Act Now

The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Path Traversal Onyxforum
NVD GitHub
CVSS 3.1
9.3
EPSS
1.4%
CVE-2022-31140 CRITICAL POC PATCH Act Now

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Information Disclosure Valinor
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2022-2302 CRITICAL Act Now

Multiple Lenze products of the cabinet series skip the password verification upon second login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C520 Firmware C550 Firmware C750 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32294 CRITICAL Act Now

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Collaboration
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-31570 CRITICAL Act Now

The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Ceneo Web Scrapper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-31579 CRITICAL Act Now

The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Iasset
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31577 CRITICAL Act Now

The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Audio Aligner App
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31565 CRITICAL Act Now

The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Syrabond
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31564 CRITICAL PATCH Act Now

The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Path Traversal Munhak Moa
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31563 CRITICAL Act Now

The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Vprj
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31562 CRITICAL Act Now

The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Internshipsystem
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31561 CRITICAL Act Now

The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Sphere Imagebackend
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31560 CRITICAL Act Now

The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Photo Tag
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31559 CRITICAL Act Now

The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Flask Yeoman
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31558 CRITICAL Act Now

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Shiva Server
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31557 CRITICAL Act Now

The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Golem
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy