Skip to main content
CVE-2021-40649 MEDIUM POC This Month

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Connx
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-40650 MEDIUM POC This Month

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Connx
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-30931 MEDIUM POC This Month

Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Employee Leaves Management System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-31415 MEDIUM POC This Month

Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Fire Reporting System
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31403 MEDIUM POC This Month

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-29034 MEDIUM POC PATCH THREAT This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sinema Remote Connect Server
NVD
CVSS 3.1
6.1
EPSS
28.3%
CVE-2022-2079 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nocodb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-29614 MEDIUM POC This Month

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation SAP Host Agent Netweaver Abap
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2022-30903 MEDIUM POC This Month

Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia XSS G 2425G A Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-30930 MEDIUM POC This Month

Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tourism Management System
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-30231 MEDIUM PATCH This Month

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sicam Gridedge Essential
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2022-31594 MEDIUM This Month

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adaptive Server Enterprise
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-31047 MEDIUM PATCH This Month

TYPO3 is an open source web content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Typo3
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-31589 MEDIUM This Month

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Erp Financial Accounting Erp Localization For Cee Countries S 4Hana
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-32259 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-32256 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-29618 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Development Infrastructure
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-32286 MEDIUM This Month

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Saml
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-32145 MEDIUM PATCH This Month

A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Teamcenter Active Workspace
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29485 MEDIUM PATCH This Month

Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shirasagi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-27221 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2022-32243 MEDIUM This Month

When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-32242 MEDIUM This Month

When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32241 MEDIUM This Month

When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32240 MEDIUM This Month

When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32239 MEDIUM This Month

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32238 MEDIUM This Month

When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32237 MEDIUM This Month

When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32236 MEDIUM This Month

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-32235 MEDIUM This Month

When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-21504 MEDIUM PATCH This Month

The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31049 MEDIUM PATCH This Month

TYPO3 is an open source web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-31048 MEDIUM PATCH This Month

TYPO3 is an open source web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-31059 MEDIUM PATCH This Month

Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse Calendar
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-31060 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-32255 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-32561 MEDIUM This Month

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-31066 MEDIUM PATCH This Month

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Edgex Foundry
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2022-31046 MEDIUM PATCH This Month

TYPO3 is an open source web content management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-29238 MEDIUM PATCH This Month

Jupyter Notebook is a web-based notebook environment for interactive computing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Notebook
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-29612 MEDIUM This Month

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Host Agent Netweaver Abap
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-27220 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-27219 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy