Skip to main content
CVE-2022-2143 CRITICAL POC THREAT Emergency

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Iview
NVD
CVSS 3.1
9.8
EPSS
59.2%
CVE-2022-34115 CRITICAL POC PATCH Act Now

DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-34113 CRITICAL POC PATCH Act Now

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-25759 CRITICAL POC PATCH Act Now

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Convert Svg Core
NVD GitHub
CVSS 3.1
9.8
EPSS
9.2%
CVE-2022-34983 CRITICAL POC PATCH Act Now

The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Scu Captcha
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-34981 CRITICAL POC PATCH Act Now

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pycrowdtangle
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-34839 CRITICAL Act Now

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Oauth2 Server
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-34982 CRITICAL PATCH Act Now

The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Eziod
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34509 CRITICAL Act Now

The wikifaces package in PyPI v1.0 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Wikifaces
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34501 CRITICAL Act Now

The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Pypi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-34500 CRITICAL Act Now

The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Pypi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2139 CRITICAL Act Now

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Iview
NVD
CVSS 3.1
9.8
EPSS
14.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy