Skip to main content
CVE-2022-0921 MEDIUM POC PATCH This Month

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

RCE Code Injection Microweber
NVD GitHub
CVSS 3.1
6.7
EPSS
2.1%
CVE-2022-0932 MEDIUM POC PATCH This Month

Missing Authorization in GitHub repository saleor/saleor prior to 3.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Saleor
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-25511 MEDIUM POC This Month

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Freetakserver Ui
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-25506 MEDIUM POC This Month

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Freetakserver Ui
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-0821 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Orchardcore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-0820 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Orchardcore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0924 MEDIUM POC PATCH This Month

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Debian Linux Fedora +1
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-0909 MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Debian Linux Fedora Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-0908 MEDIUM POC PATCH This Month

Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff Debian Linux Fedora +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-0907 MEDIUM POC This Month

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux Fedora Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-0928 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
2.4%
CVE-2022-26874 MEDIUM POC PATCH This Month

lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Horde Mime Viewer Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-0822 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Orchardcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-25507 MEDIUM POC This Month

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Freetakserver Ui
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25839 MEDIUM POC PATCH This Month

The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Url Js
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-0870 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Gogs
NVD GitHub
CVSS 3.1
5.3
EPSS
3.4%
CVE-2022-0912 MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-23625 MEDIUM PATCH This Month

Wire-ios is a messaging application using the wire protocol on apple's ios platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apple Wire Wire Ios Transport
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-0002 MEDIUM PATCH This Month

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Policy Intel Atom X5 E3930 Atom X5 E3940 +501
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-0001 MEDIUM PATCH This Month

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Intel Information Disclosure Atom P5921B Atom P5931B Atom P5942B +455
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-25601 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Contact Form X Fedora
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-24090 MEDIUM PATCH This Month

Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Adobe Buffer Overflow Information Disclosure Photoshop
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2022-26878 MEDIUM PATCH This Month

drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy