Skip to main content
CVE-2022-4723 MEDIUM POC PATCH This Month

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4720 MEDIUM POC PATCH This Month

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Rdiffweb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-47968 MEDIUM POC This Month

Heimdall Application Dashboard through 2.5.4 allows reflected and stored XSS via "Application name" to the "Add application" page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Heimdall Application Dashboard
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4730 MEDIUM POC PATCH This Month

A vulnerability was found in Graphite Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4729 MEDIUM POC PATCH This Month

A vulnerability was found in Graphite Web and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4728 MEDIUM POC PATCH This Month

A vulnerability has been found in Graphite Web and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Graphite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4721 MEDIUM POC PATCH This Month

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Rdiffweb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4695 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4694 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4691 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4733 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2582 MEDIUM POC PATCH This Month

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aws Software Development Kit
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-4734 MEDIUM POC PATCH This Month

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-45426 MEDIUM PATCH This Month

Some Dahua software products have a vulnerability of unrestricted download of file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Information Disclosure Dahua Dss Express Dss Professional +3
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4766 MEDIUM PATCH This Month

A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Dolibarr Project Timesheet
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4727 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in OpenMRS Appointment Scheduling Module up to 1.16.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java XSS Appointment Scheduling Module
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-4755 MEDIUM PATCH This Month

A vulnerability was found in FlatPress and classified as problematic.mediamanager.file.php of the component Media Manager Plugin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Flatpress
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45434 MEDIUM PATCH This Month

Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Dahua Denial Of Service Dhi Dss7016D S2 Firmware Dhi Dss7016Dr S2 Firmware Dhi Dss4004 S2 Firmware +2
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-45432 MEDIUM PATCH This Month

Some Dahua software products have a vulnerability of unauthenticated search for devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Dahua Dhi Dss7016D S2 Firmware Dhi Dss7016Dr S2 Firmware Dhi Dss4004 S2 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-45424 MEDIUM PATCH This Month

Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Dahua Dss Express Dss Professional Dhi Dss7016D S2 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy