Skip to main content
CVE-2022-0776 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Reveal Js
NVD GitHub
CVSS 3.1
6.1
EPSS
3.7%
CVE-2021-44961 MEDIUM POC This Month

A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libslic3R
NVD VulDB
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-25020 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pluxml
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-25022 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Htmly
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-25012 MEDIUM POC This Month

Argus Surveillance DVR v4.0 employs weak password encryption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dvr
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-26332 MEDIUM POC This Month

Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cipi
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-24718 MEDIUM PATCH This Month

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ssr Pages
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-24719 MEDIUM PATCH MAL This Month

Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fluture Node
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24717 MEDIUM PATCH This Month

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ssr Pages
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-22321 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with a password hash that provides insufficient protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Mq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-24446 MEDIUM This Month

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Key Manager Plus
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy