Skip to main content
CVE-2022-27256 MEDIUM POC PATCH This Month

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Open Redirect Hubzilla
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-26643 MEDIUM POC This Month

An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Easyio Cpt Graphics
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-1337 MEDIUM PATCH This Month

The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mattermost Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1333 MEDIUM This Month

Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mattermost Playbooks
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-26589 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pluck
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1280 MEDIUM This Month

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. Rated medium severity (CVSS 6.3). No vendor patch available.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +1
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2022-27505 MEDIUM This Month

Reflected cross site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sd Wan 110 Firmware Sd Wan 210 Firmware Sd Wan 400 Firmware Sd Wan 410 Firmware +8
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27503 MEDIUM PATCH This Month

Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Citrix Storefront Server
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26144 MEDIUM PATCH This Month

An XSS issue was discovered in MantisBT before 2.25.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS Mantisbt
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-27475 MEDIUM PATCH This Month

Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP RCE XSS Hotel Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0023 MEDIUM This Month

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a meddler-in-the-middle (MITM) to send specifically. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-0221 MEDIUM This Month

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Scadapack Workbench
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-24308 MEDIUM This Month

Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Automox
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22961 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-22279 MEDIUM This Month

A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sra 1200 Firmware Sra 4200 Firmware Sma 210 Firmware Sma 410 Firmware +1
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2022-27847 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yoo Slider
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-27846 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Yoo Slider
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-22959 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1332 MEDIUM PATCH This Month

One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy