Skip to main content
CVE-2022-21952 HIGH POC This Week

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Manager Server
NVD VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-23079 MEDIUM POC PATCH This Month

In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Code Injection Motor Admin
NVD GitHub
CVSS 2.0
6.8
EPSS
1.3%
CVE-2022-2174 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
2.8%
CVE-2022-23077 MEDIUM POC PATCH This Month

In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Habitica
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-23078 MEDIUM POC PATCH This Month

In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Open Redirect Habitica
NVD GitHub
CVSS 2.0
5.8
EPSS
1.1%
CVE-2022-20651 MEDIUM POC This Month

A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Adaptive Security Device Manager
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-23055 MEDIUM POC This Month

In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Erpnext
NVD GitHub
CVSS 2.0
5.5
EPSS
1.1%
CVE-2022-23057 MEDIUM POC PATCH This Month

In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Erpnext
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-31248 MEDIUM POC This Month

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Manager Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-23080 MEDIUM POC PATCH This Month

In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Directus
NVD GitHub
CVSS 3.1
5.0
EPSS
0.8%
CVE-2022-23081 MEDIUM POC PATCH This Month

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Openlibrary
NVD GitHub
CVSS 2.0
4.3
EPSS
0.9%
CVE-2022-23058 LOW POC PATCH Monitor

ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Erpnext
NVD GitHub
CVSS 2.0
3.5
EPSS
0.8%
CVE-2022-23056 LOW POC PATCH Monitor

In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Erpnext
NVD GitHub
CVSS 2.0
3.5
EPSS
0.8%
CVE-2022-32549 MEDIUM This Month

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Sling Api Sling Commons Log
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2022-32159 LOW PATCH Monitor

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Infogami
NVD GitHub
CVSS 2.0
3.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy