Skip to main content
CVE-2022-1015 MEDIUM POC This Month

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Linux Buffer Overflow Linux Kernel Fedora
NVD
CVSS 3.1
6.6
EPSS
1.5%
CVE-2022-1530 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Live Helper Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-29907 MEDIUM POC This Month

The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-25854 MEDIUM POC PATCH This Month

This affects the package @yaireo/tagify before 4.9.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tagify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-29905 MEDIUM POC This Month

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-29903 MEDIUM POC This Month

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-28198 MEDIUM This Month

NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia OpenSSL Omniverse Cache Omniverse Nucleus
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-29947 MEDIUM PATCH This Month

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Woodpecker
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1195 MEDIUM PATCH This Month

A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29414 MEDIUM This Month

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Subscribe To Comments Reloaded
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-1536 MEDIUM This Month

A vulnerability has been found in automad up to 1.10.9 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Automad
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1526 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Emlog
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0984 MEDIUM PATCH This Month

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-0985 MEDIUM PATCH This Month

Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Moodle
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy