Skip to main content
CVE-2021-37293 MEDIUM POC This Month

A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal 4St L Bems
NVD VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-0914 MEDIUM POC This Month

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Export All Urls
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-0447 MEDIUM POC This Month

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Post Grid
NVD WPScan
CVSS 3.1
6.4
EPSS
0.6%
CVE-2022-24833 MEDIUM POC PATCH This Month

PrivateBin is minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Privatebin
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-1007 MEDIUM POC PATCH This Month

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Advanced Booking Calendar
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-0892 MEDIUM POC This Month

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Export All Urls
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0531 MEDIUM POC This Month

The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Migration Backup Staging
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0471 MEDIUM POC PATCH This Month

The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Favicon By Realfavicongenerator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0314 MEDIUM POC This Month

The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nimble Page Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-0271 MEDIUM POC This Month

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Learnpress
NVD WPScan
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-27156 MEDIUM POC This Month

Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fuel Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27111 MEDIUM POC This Month

Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1045 MEDIUM POC PATCH This Month

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Trudesk
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2022-0936 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Autolab
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0919 MEDIUM POC This Month

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Salon Booking System
NVD WPScan
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-0246 MEDIUM POC This Month

The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Iq Block Country
NVD WPScan
CVSS 3.1
4.9
EPSS
3.3%
CVE-2022-0969 MEDIUM POC PATCH This Month

The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Image Optimization Lazy Load By Optimole
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-0840 MEDIUM POC This Month

The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Social Icons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0728 MEDIUM POC This Month

The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Easy Smooth Scroll Links
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1193 MEDIUM POC This Month

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-24832 MEDIUM PATCH This Month

GoCD is an open source a continuous delivery server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Gocd
NVD GitHub
CVSS 3.1
6.8
EPSS
1.6%
CVE-2022-26091 MEDIUM This Month

Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2022-25832 MEDIUM This Month

Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2022-20075 MEDIUM This Month

In ged, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20072 MEDIUM This Month

In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-20071 MEDIUM This Month

In ccu, there is a possible escalation of privilege due to a missing certificate validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20070 MEDIUM This Month

In ssmr, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20068 MEDIUM This Month

In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20067 MEDIUM This Month

In mdp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20065 MEDIUM This Month

In ccci, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20064 MEDIUM This Month

In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20062 MEDIUM This Month

In mdp, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20074 MEDIUM This Month

In preloader (partition), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2022-20073 MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to a integer underflow. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Buffer Overflow Android
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2022-20069 MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Buffer Overflow Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2022-20063 MEDIUM This Month

In atf (spm), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-20052 MEDIUM This Month

In mdp, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-1067 MEDIUM This Month

Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Patient Portal
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-20080 MEDIUM This Month

In SUB2AF, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Race Condition Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20078 MEDIUM This Month

In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Race Condition Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20077 MEDIUM This Month

In vow, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Race Condition Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20081 MEDIUM This Month

In A-GPS, there is a possible man in the middle attack due to improper certificate validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-0552 MEDIUM PATCH This Month

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Origin Aggregated Logging
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2022-28544 MEDIUM This Month

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-28543 MEDIUM This Month

Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Samsung Flow
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-28542 MEDIUM This Month

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-27822 MEDIUM This Month

Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-27821 MEDIUM This Month

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0835 MEDIUM This Month

AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure System Platform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26414 MEDIUM This Month

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Zyxel Vmg3312 T20A Firmware Emg3525 T50b Firmware +30
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy