Skip to main content
CVE-2022-26588 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Icehrm
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-27991 MEDIUM POC This Month

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Banking System
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-24229 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Document Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-27063 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aerocms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-26624 MEDIUM POC This Month

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-1284 MEDIUM POC PATCH This Month

heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-1283 MEDIUM POC PATCH This Month

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-27148 MEDIUM POC This Month

GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-27147 MEDIUM POC This Month

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-27146 MEDIUM POC This Month

GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-27145 MEDIUM POC This Month

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-24820 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-24819 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
3.3%
CVE-2022-27348 MEDIUM POC This Month

Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Social Codia Sms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-27062 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aerocms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-27152 MEDIUM This Month

Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Roku Os
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2022-26855 MEDIUM This Month

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Dell Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22563 MEDIUM This Month

Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy