Skip to main content
CVE-2022-1439 MEDIUM POC PATCH This Month

Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2022-1108 MEDIUM This Month

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Thinkpad X1 Fold Gen 1 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-1107 MEDIUM This Month

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Thinkpad 11E Firmware Thinkpad Helix Firmware Thinkpad L560 Firmware Thinkpad L570 Firmware +26
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-29589 MEDIUM PATCH This Month

Crypt Server before 3.3.0 allows XSS in the index view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Crypt Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0636 MEDIUM This Month

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Lenovo Thin Installer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26673 MEDIUM This Month

ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rt Ax88U Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-28074 MEDIUM This Month

Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Halo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy