CVE-2022-2470

Cross-site Scripting (XSS) – Reflected in GitHub repository microweber/microweber prior to 1.2.21.

Source: CVE-2022-2470

CVE-2022-34501

The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

Source: CVE-2022-34501

CVE-2022-2136

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.

Source: CVE-2022-2136

CVE-2022-34520

Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file.

Source: CVE-2022-34520

CVE-2022-2137

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information

Source: CVE-2022-2137

CVE-2022-2139

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.

Source: CVE-2022-2139

CVE-2022-34982

The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

Source: CVE-2022-34982

CVE-2022-34981

The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party.

Source: CVE-2022-34981

CVE-2022-34500

The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party.

Source: CVE-2022-34500

CVE-2022-2138

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

Source: CVE-2022-2138