Skip to main content
CVE-2022-4809 HIGH POC PATCH This Week

Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-4808 HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-4803 HIGH POC PATCH This Week

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-23555 HIGH POC This Week

authentik is an open-source Identity Provider focused on flexibility and versatility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-4796 HIGH POC PATCH This Week

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-46179 HIGH POC PATCH This Week

LiuOS is a small Python project meant to imitate the functions of a regular operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python Authentication Bypass Liuos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-41966 HIGH POC PATCH This Week

XStream serializes Java objects to XML and back again. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Denial Of Service Buffer Overflow Xstream
NVD GitHub
CVSS 3.1
7.5
EPSS
8.7%
CVE-2022-4817 HIGH PATCH This Week

A vulnerability was found in centic9 jgit-cookbook. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Jgit Cookbook
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-44564 HIGH This Week

Huawei Aslan Children's Watch has a path traversal vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Huawei Aslan Al10 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-23553 HIGH PATCH This Week

Alpine is a scaffolding library in Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alpine
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-39012 HIGH This Week

Huawei Aslan Children's Watch has an improper input validation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Aslan Al10 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38202 HIGH This Week

There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Arcgis Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-3347 HIGH This Week

DNSSEC validation is not performed correctly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Resolver
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-41967 HIGH PATCH This Week

Dragonfly is a Java runtime dependency management library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Java XXE Dragonfly
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy