Skip to main content
CVE-2022-33098 MEDIUM POC THREAT This Month

Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.5%.

XSS Magnolia Cms
NVD Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
50.5%
Threat
4.2
CVE-2022-32206 MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
6.5
EPSS
32.0%
CVE-2022-34007 MEDIUM POC This Month

EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Integrity Line
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-32208 MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
5.9
EPSS
6.8%
CVE-2022-25047 MEDIUM POC This Month

The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Webpanel
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2022-32441 MEDIUM POC This Month

A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Ida
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32567 MEDIUM POC This Month

The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Jira Misc Custom Fields
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2342 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Outline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-32061 MEDIUM POC This Month

An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Snipe It
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-32060 MEDIUM POC This Month

An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Snipe It
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-32205 MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
4.3
EPSS
26.9%
CVE-2022-31136 MEDIUM PATCH This Month

Bookwyrm is an open source social reading and reviewing program. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bookwyrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31029 MEDIUM PATCH This Month

AdminLTE is a Pi-hole Dashboard for stats and configuration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adminlte
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-31133 MEDIUM PATCH This Month

HumHub is an Open Source Enterprise Social Network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Humhub
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-28889 MEDIUM PATCH This Month

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Druid
NVD
CVSS 3.1
4.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy