Skip to main content
CVE-2022-26280 MEDIUM POC This Month

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libarchive Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-0549 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-26980 MEDIUM POC PATCH This Month

Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Teampass
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-0818 MEDIUM POC This Month

The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Woocommerce Affiliate
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0680 MEDIUM POC This Month

The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Plezi
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0647 MEDIUM POC This Month

The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bulk Creator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0643 MEDIUM POC This Month

The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Bank Mellat
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0641 MEDIUM POC This Month

The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popup Like Box
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0621 MEDIUM POC This Month

The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Dtabs
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0620 MEDIUM POC This Month

The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Delete Old Orders
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0619 MEDIUM POC This Month

The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Database Peek
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0600 MEDIUM POC This Month

The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Conference Scheduler
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0599 MEDIUM POC This Month

The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Mapping Multiple Urls Redirect Same Page
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-26296 MEDIUM POC This Month

BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Risvc Boom
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-26291 MEDIUM POC This Month

lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-1056 MEDIUM POC PATCH This Month

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Active Iq Unified Manager
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-0720 MEDIUM POC This Month

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Amelia
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0595 MEDIUM POC PATCH THREAT This Month

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload WordPress Drag And Drop Multiple File Upload Contact Form 7
NVD WPScan
CVSS 3.1
5.4
EPSS
13.6%
CVE-2022-0450 MEDIUM POC This Month

The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF Menu Image Icons Made Easy
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0397 MEDIUM POC This Month

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wpc Smart Wishlist For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0493 MEDIUM POC This Month

The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal String Locator
NVD WPScan
CVSS 3.1
4.9
EPSS
1.4%
CVE-2022-0388 MEDIUM POC This Month

The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Interactive Medical Drawing Of Human Body
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0344 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2022-0833 MEDIUM POC This Month

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Church Admin
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-0123 MEDIUM This Month

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-0283 MEDIUM This Month

An issue has been discovered affecting GitLab versions prior to 13.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect Atlassian
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27950 MEDIUM PATCH This Month

In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0488 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-0371 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy