Skip to main content
CVE-2022-45908 CRITICAL POC PATCH Act Now

In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Paddlepaddle
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-45907 CRITICAL POC PATCH Act Now

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Pytorch
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-24999 HIGH POC PATCH THREAT This Week

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Qs Express Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
14.7%
CVE-2022-45909 CRITICAL PATCH Act Now

drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Drachtio Server
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy