Skip to main content
CVE-2022-3234 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39217 CRITICAL PATCH Act Now

some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ghas To Csv
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-3231 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-39960 MEDIUM POC THREAT This Month

The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Group Export
NVD GitHub
CVSS 3.1
5.3
EPSS
25.7%
CVE-2022-3232 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rdiffweb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-3173 MEDIUM POC PATCH This Month

Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Snipe It
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-39210 MEDIUM PATCH This Month

Nextcloud android is the official Android client for the Nextcloud home server platform. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Google Nextcloud Path Traversal
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-39212 MEDIUM PATCH This Month

Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nextcloud Talk
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy