Skip to main content
CVE-2022-43776 MEDIUM POC This Month

The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Metabase
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-25849 MEDIUM POC This Month

The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hyperdown
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3669 MEDIUM POC This Month

A vulnerability was found in Axiomatic Bento4 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-3668 MEDIUM POC This Month

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-3663 MEDIUM POC This Month

A vulnerability was found in Axiomatic Bento4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-3704 MEDIUM POC PATCH This Month

A vulnerability classified as problematic has been found in Ruby on Rails. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rails
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-39348 MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Twisted Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-20776 MEDIUM This Month

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Path Traversal Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2022-43750 MEDIUM PATCH This Month

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-39360 MEDIUM PATCH This Month

Metabase is data visualization software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Metabase
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39359 MEDIUM PATCH This Month

Metabase is data visualization software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Metabase
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-39358 MEDIUM This Month

Metabase is data visualization software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Metabase
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-40703 MEDIUM This Month

17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Kardia
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-3673 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Sanitization Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-3672 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Sanitization Management System 1.0.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Sanitization Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-20953 MEDIUM This Month

Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Path Traversal Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-20959 MEDIUM This Month

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-3474 MEDIUM This Month

A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bazel
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy