Skip to main content
CVE-2022-31577 CRITICAL Act Now

The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Audio Aligner App
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31565 CRITICAL Act Now

The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Syrabond
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31564 CRITICAL PATCH Act Now

The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Path Traversal Munhak Moa
NVD GitHub
CVSS 3.1
9.3
EPSS
1.3%
CVE-2022-31563 CRITICAL Act Now

The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Vprj
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31562 CRITICAL Act Now

The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Internshipsystem
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31561 CRITICAL Act Now

The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Sphere Imagebackend
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31560 CRITICAL Act Now

The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Photo Tag
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31559 CRITICAL Act Now

The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Flask Yeoman
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31558 CRITICAL Act Now

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Shiva Server
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-31557 CRITICAL Act Now

The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Golem
NVD GitHub
CVSS 3.1
9.3
EPSS
1.2%
CVE-2022-2093 MEDIUM POC This Month

The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Duplicate Page
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2089 MEDIUM POC This Month

The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bold Page Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-2050 MEDIUM POC This Month

The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Paginate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1894 MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-31566 HIGH This Week

The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Data Stream Algorithm Benchmark
NVD GitHub
CVSS 3.1
8.6
EPSS
1.1%
CVE-2022-2123 MEDIUM POC This Month

The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Opt In
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1957 MEDIUM POC This Month

The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Comment License
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1956 MEDIUM POC This Month

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Shortcut Macros
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-30602 HIGH This Week

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-31139 HIGH PATCH This Week

UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Unsafe Accessor
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-30792 HIGH This Week

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Sl Control For Linux Sl +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-30791 HIGH This Week

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Control For Beaglebone Control For Empc A Imx6 Control For Iot2000 Sl Control For Linux Sl +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-31080 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31079 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31078 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31075 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31074 MEDIUM PATCH This Month

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubeedge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29512 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-27168 MEDIUM PATCH This Month

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Litecart
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-1794 MEDIUM This Month

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Opc Da Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31472 MEDIUM This Month

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-30943 MEDIUM This Month

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy