Skip to main content
CVE-2022-28090 MEDIUM POC This Month

Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jspxcms
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-27461 MEDIUM POC This Month

In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Nopcommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1584 MEDIUM POC PATCH This Month

Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-28508 MEDIUM POC This Month

An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mantisbt
NVD GitHub
CVSS 3.1
6.1
EPSS
5.2%
CVE-2022-1571 MEDIUM POC PATCH This Month

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Facturascripts
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1555 MEDIUM POC PATCH This Month

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-29950 MEDIUM POC This Month

Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hunter
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-25787 MEDIUM This Month

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-29943 MEDIUM This Month

Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Administration Center
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29942 MEDIUM This Month

Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Administration Center
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-30241 MEDIUM PATCH This Month

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Node.js Jquery Json Viewer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28081 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Arphp
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-25781 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-20796 MEDIUM This Month

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-25782 MEDIUM This Month

Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25786 MEDIUM This Month

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-25784 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sitemanager 1129 Firmware Sitemanager 1139 Firmware Sitemanager 1149 Firmware Sitemanager 3329 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-20794 MEDIUM This Month

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Open Redirect Information Disclosure Telepresence Collaboration Endpoint +1
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2022-20734 MEDIUM This Month

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Catalyst Sd Wan Manager
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-25783 MEDIUM This Month

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25780 MEDIUM This Month

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25779 MEDIUM This Month

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1502 MEDIUM PATCH This Month

Permissions were not properly verified in the API on projects using version control in Git. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Server
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy