Skip to main content
CVE-2022-24599 MEDIUM POC This Month

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Audiofile Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-25307 MEDIUM POC PATCH This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-25306 MEDIUM POC PATCH This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-25305 MEDIUM POC PATCH THREAT This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.1
6.1
EPSS
78.9%
CVE-2022-0653 MEDIUM POC PATCH This Month

The Profile Builder - User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Profile Builder
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2022-24614 MEDIUM POC PATCH This Month

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Metadata Extractor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-24613 MEDIUM POC PATCH This Month

metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Metadata Extractor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-0695 MEDIUM POC PATCH This Month

Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Radare2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-24620 MEDIUM POC This Month

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Piwigo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-23135 MEDIUM This Month

There is a directory traversal vulnerability in some home gateway products of ZTE. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Path Traversal Zxhn F677 Firmware Zxhn F477 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-24687 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure HashiCorp Consul
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-25638 MEDIUM PATCH This Month

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Wolfssl
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-25363 MEDIUM This Month

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption Buffer Overflow Fireware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25290 MEDIUM This Month

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-23810 MEDIUM This Month

Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection A Blog Cms
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-24709 MEDIUM PATCH This Month

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Awsui Components React
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0710 MEDIUM This Month

The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Header Footer Code Manager
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2022-0683 MEDIUM PATCH This Month

The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS WordPress Essential Addons For Elementor
NVD
CVSS 3.1
6.1
EPSS
3.2%
CVE-2022-24435 MEDIUM PATCH This Month

Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpuploader
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-24374 MEDIUM This Month

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-23916 MEDIUM This Month

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Blog Cms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0544 MEDIUM This Month

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Information Disclosure Blender Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-24615 MEDIUM PATCH This Month

zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zip4J
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-24708 MEDIUM PATCH This Month

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24582 MEDIUM This Month

Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Accounting Journal Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24566 MEDIUM This Month

In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed in 1.6.0p28, the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24565 MEDIUM This Month

Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-23701 MEDIUM This Month

A potential remote host header injection security vulnerability has been identified in HPE Integrated Lights-Out 4 (iLO 4) firmware version(s): Prior to 2.60. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Integrated Lights Out
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-25355 MEDIUM PATCH This Month

EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ec Cube
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-24633 MEDIUM This Month

All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecloud
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-23655 MEDIUM PATCH This Month

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

PHP Jwt Attack Information Disclosure October
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-22349 MEDIUM PATCH This Month

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Path Traversal Sterling External Authentication Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-21179 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF E Mail Newsletter Management
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy