Vulnerabilities > Medium

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2023-02-01 | CVE-2022-4206 | A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report | | network | low complexity | | | 6.5 |
| 2023-02-01 | CVE-2023-0606 | Cross-site Scripting vulnerability in Ampache | Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7. | network | low complexity | ampache | CWE-79 | 6.1 |
| 2023-01-31 | CVE-2022-45598 | Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper sanitization. | | network | low complexity | | CWE-79 | 6.1 |
| 2023-01-31 | CVE-2022-44644 | Cleartext Storage of Sensitive Information vulnerability in Apache Linkis | In Apache Linkis <=1.3.0, when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server, by setting allowLoadLocalInfile to true in the JDBC parameters. | network | low complexity | apache | CWE-312 | 6.5 |
| 2023-01-31 | CVE-2023-0591 | ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). | | local | low complexity | | CWE-22 | 5.5 |
| 2023-01-31 | CVE-2022-39061 | ChangingTech MegaServiSignAdapter component has an Out-of-bounds Read vulnerability due to insufficient validation of parameter length. | | network | low complexity | | CWE-125 | 6.5 |
| 2023-01-31 | CVE-2022-25979 | Cross-site Scripting vulnerability in Jsuites | Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function. | network | low complexity | jsuites | CWE-79 | 6.1 |
| 2023-01-31 | CVE-2022-4898 | In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | | network | low complexity | | CWE-79 | 5.4 |
| 2023-01-31 | CVE-2022-40258 | AMI Megarac Weak password hashes for Redfish & API | | network | low complexity | | CWE-916 | 5.3 |
| 2023-01-31 | CVE-2022-44897 | Cross-site Scripting vulnerability in Apollotheme AP Pagebuilder 2.4.4 | A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter. | network | low complexity | apollotheme | CWE-79 | 6.1 |