Skip to main content
CVE-2022-2595 CRITICAL POC PATCH Act Now

Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Titra
NVD GitHub
CVSS 3.1
10.0
EPSS
1.1%
CVE-2022-31188 CRITICAL POC PATCH THREAT Act Now

CVAT is an opensource interactive video and image annotation tool for computer vision. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Computer Vision Annotation Tool
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
47.8%
CVE-2022-31183 CRITICAL POC PATCH Act Now

fs2 is a compositional, streaming I/O library for Scala. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Fs2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-31181 CRITICAL POC PATCH Act Now

PrestaShop is an Open Source e-commerce platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Prestashop
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2022-31180 CRITICAL POC PATCH Act Now

Shescape is a simple shell escape package for JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Shescape
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31179 CRITICAL POC PATCH Act Now

Shescape is a simple shell escape package for JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Code Injection Shescape
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-2317 CRITICAL POC Act Now

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Simple Membership
NVD WPScan
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-1950 CRITICAL POC Act Now

The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Youzify
NVD WPScan
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-26437 CRITICAL Act Now

In httpclient, there is a possible out of bounds write due to uninitialized data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Nbiot Sdk
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-27255 CRITICAL Act Now

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ecos Rsdk Firmware Ecos Msdk Firmware
NVD
CVSS 3.1
9.8
EPSS
37.1%
CVE-2022-31321 CRITICAL Act Now

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bolt
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-31775 CRITICAL PATCH Act Now

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Datapower Gateway
NVD
CVSS 3.1
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy