Skip to main content
CVE-2022-4850 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4849 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4847 MEDIUM POC PATCH This Month

Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4846 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-30519 MEDIUM POC This Month

XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Reprise License Manager
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2022-4848 MEDIUM POC PATCH This Month

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2022-4841 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4840 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-4839 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4851 MEDIUM POC PATCH This Month

Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-4845 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-4778 MEDIUM This Month

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Streamx
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-38210 MEDIUM This Month

There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38209 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38208 MEDIUM This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38207 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38206 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38204 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-46181 MEDIUM PATCH This Month

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy