Skip to main content
CVE-2022-0830 MEDIUM POC This Month

The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Formbuilder
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-0404 MEDIUM POC This Month

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass WordPress Material Design For Contact Form 7
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-1225 MEDIUM POC PATCH This Month

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpipam
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-1224 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Phpipam
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-1223 MEDIUM POC PATCH This Month

Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Phpipam
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-1233 MEDIUM POC PATCH This Month

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Uri Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1175 MEDIUM POC THREAT This Month

Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
82.0%
CVE-2022-1170 MEDIUM POC This Month

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Jobmonster
NVD WPScan
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-1169 MEDIUM POC This Month

There is a XSS vulnerability in Careerfy. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Careerfy
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-1168 MEDIUM POC This Month

There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Jobsearch Wp Job Board
NVD WPScan
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-1167 MEDIUM POC This Month

There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Careerup
NVD WPScan
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-1164 MEDIUM POC This Month

The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wyzi
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0901 MEDIUM POC This Month

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ad Inserter
NVD WPScan
CVSS 3.1
6.1
EPSS
3.5%
CVE-2022-0864 MEDIUM POC This Month

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Updraftplus
NVD WPScan
CVSS 3.1
6.1
EPSS
7.4%
CVE-2022-0431 MEDIUM POC PATCH This Month

The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google XSS WordPress Insights From Google Pagespeed
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-24191 MEDIUM POC This Month

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Htmldoc Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-1222 MEDIUM POC PATCH This Month

Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-0837 MEDIUM POC This Month

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Amelia
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0825 MEDIUM POC PATCH This Month

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Amelia
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-1166 MEDIUM POC This Month

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Jobmonster
NVD WPScan
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-28063 MEDIUM POC This Month

Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simple Bakery Shop Management System
NVD GitHub
CVSS 3.1
4.9
EPSS
1.1%
CVE-2022-27441 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tpcms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-0958 MEDIUM POC PATCH This Month

The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Mark Posts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0884 MEDIUM POC PATCH This Month

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Profile Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-27436 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ecommerce Website
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-27651 MEDIUM PATCH This Month

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Docker Buildah Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
1.2%
CVE-2022-1185 MEDIUM This Month

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Gitlab Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-1148 MEDIUM This Month

Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-1120 MEDIUM This Month

Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-23697 MEDIUM This Month

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oneview
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24814 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Directus
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-26616 MEDIUM This Month

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-27609 MEDIUM This Month

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft One Endpoint
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2022-27608 MEDIUM This Month

Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft One Endpoint
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2022-23700 MEDIUM This Month

A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s): Prior to 6.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25613 MEDIUM This Month

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Fv Flowplayer Video Player
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1190 MEDIUM This Month

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
87.4%
CVE-2022-1188 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-1121 MEDIUM This Month

A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-24813 MEDIUM PATCH This Month

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Createwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-25618 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wpdatatables Lite
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1189 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-1105 MEDIUM This Month

An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-1100 MEDIUM This Month

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-1099 MEDIUM This Month

Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-0740 MEDIUM This Month

Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy