Skip to main content
CVE-2022-37617 CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Browserify Shim
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42044 CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42043 CRITICAL POC Act Now

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Xml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42042 CRITICAL POC Act Now

The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S Networking
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42041 CRITICAL POC Act Now

The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Python D8S File System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42040 CRITICAL POC Act Now

The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Algorithms
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2022-42039 CRITICAL POC Act Now

The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Lists
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42038 CRITICAL POC Act Now

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Ip Addresses
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42037 CRITICAL POC Act Now

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Asns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42036 CRITICAL POC Act Now

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Urls
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41387 CRITICAL POC Act Now

The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Pdfs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41386 CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41385 CRITICAL POC Act Now

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Html
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41384 CRITICAL POC Act Now

The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Domains
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41383 CRITICAL POC Act Now

The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Archives
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41382 CRITICAL POC Act Now

The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41381 CRITICAL POC Act Now

The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-41380 CRITICAL POC Act Now

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python File Upload D8S Yaml
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-32174 CRITICAL POC THREAT Act Now

In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gogs
NVD GitHub
CVSS 3.1
9.0
EPSS
58.0%
CVE-2022-37968 CRITICAL PATCH Act Now

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Kubernetes Azure Arc Enabled Kubernetes Azure Stack Edge
NVD
CVSS 3.1
10.0
EPSS
2.6%
CVE-2022-35299 CRITICAL Act Now

SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Stack Overflow Buffer Overflow Sap Iq Sql Anywhere
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37609 CRITICAL Act Now

Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Js Beautify
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-36361 CRITICAL PATCH Act Now

A vulnerability has been identified in LOGO!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Logo 8 Bm Firmware Logo 8 Bm Fs 05 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-37616 CRITICAL PATCH Act Now

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Code Injection Prototype Pollution Node.js Xmldom Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-40138 CRITICAL PATCH Act Now

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-35289 CRITICAL PATCH Act Now

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-32234 CRITICAL PATCH Act Now

An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy