Skip to main content
CVE-2022-41719 HIGH POC PATCH This Week

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Messagepack
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-45129 HIGH POC PATCH This Week

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Payara
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-39038 HIGH This Week

Agentflow BPM enterprise management system has improper authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Agentflow
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-42787 HIGH This Week

Multiple W&T products of the Comserver Series use a small number space for allocating sessions ids. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure At Modem Emulator Firmware Com Server Firmware Com Server 20Ma Firmware Com Server Highspeed 100Basefx Firmware +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-39393 HIGH PATCH This Week

Wasmtime is a standalone runtime for WebAssembly. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wasmtime
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2022-39368 HIGH PATCH This Week

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Californium
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2022-41607 HIGH PATCH This Week

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Remote Access Server Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39037 HIGH This Week

Agentflow BPM file download function has a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Agentflow
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-38122 HIGH This Week

UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Upsmon Pro
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-39392 HIGH PATCH This Week

Wasmtime is a standalone runtime for WebAssembly. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Wasmtime
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy