Skip to main content
CVE-2020-27375 MEDIUM POC This Month

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Icheck Connect Bp Monitor Bp Testing 118 Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-24681 MEDIUM POC PATCH This Month

Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Zoho XSS Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.1
EPSS
3.6%
CVE-2022-25338 MEDIUM This Month

ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Owncloud Client
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-25595 MEDIUM This Month

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rt Ac86U Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-22518 MEDIUM This Month

A bug in CmpUserMgr component can lead to only partially applied security policies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +6
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-22513 MEDIUM This Month

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl +17
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-43432 MEDIUM PATCH This Month

A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xmall
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-25339 MEDIUM This Month

ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Owncloud Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-25594 MEDIUM This Month

Microprogram’s parking lot management system is vulnerable to sensitive information exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Parking Lot Management System
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-27819 MEDIUM PATCH This Month

SWHKD 1.1.5 allows unsafe parsing via the -c option. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Swhkd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy