CVE-2022-31149

CRITICAL Year: 2022
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-290
View all →

Vulnerability Description

ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a patch. As a workaround, block DNS lookups that resolve to 127.0.0.1.

Related Vulnerabilities

CVE-2024-12108

CRITICAL
CVSS:9.6(Critical)

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.

CWE-2902024

CVE-2024-23674

CRITICAL
CVSS:9.6(Critical)

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for...

CWE-2902024

CVE-2024-32977

CRITICAL
CVSS:9.4(Critical)

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely ...

CWE-2902024

CVE-2024-54450

CRITICAL
CVSS:9.4(Critical)

An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mention...

CWE-2902024

CVE-2025-25182

CRITICAL
CVSS:9.4(Critical)

Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authenti...

CWE-2902025

CVE-2009-1048

CRITICAL
CVSS:9.8(Critical)

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypa...

CWE-2902009