Skip to main content
CVE-2022-0996 MEDIUM POC This Month

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 389 Directory Server Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-0750 MEDIUM POC This Month

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS WordPress Photoswipe Masonry Gallery
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-25221 MEDIUM POC This Month

Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visit the link in order to execute JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Money Transfer Management System
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0854 MEDIUM POC This Month

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-27254 MEDIUM POC This Month

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Civic 2018 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-25223 MEDIUM POC This Month

Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in 'mtms/admin/?page=transaction/view_details' via the 'id' parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Money Transfer Management System
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-0859 MEDIUM This Month

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epolicy Orchestrator
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-24730 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-22316 MEDIUM PATCH This Month

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25269 MEDIUM This Month

Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Passwork
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-0857 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-25609 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in Yoo Slider - Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Yoo Slider
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25608 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in Yoo Slider - Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yoo Slider
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-0862 MEDIUM This Month

A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epolicy Orchestrator
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-0396 MEDIUM PATCH This Month

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Fedora H300s Firmware H500s Firmware +7
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2022-24731 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-0842 MEDIUM This Month

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure Epolicy Orchestrator
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-0858 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
4.7
EPSS
0.8%
CVE-2022-25266 MEDIUM This Month

Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Passwork
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-25041 MEDIUM This Month

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-23242 MEDIUM PATCH This Month

TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Denial Of Service Teamviewer
NVD
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy