Skip to main content
CVE-2022-24899 MEDIUM POC PATCH This Month

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Canonical XSS Contao
NVD GitHub
CVSS 3.1
6.1
EPSS
4.4%
CVE-2022-24823 MEDIUM POC PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Java Microsoft Information Disclosure Netty Financial Services Crime And Compliance Management Studio +3
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-28507 MEDIUM POC This Month

Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bdt 121 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-28164 MEDIUM This Month

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-30295 MEDIUM This Month

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Uclibc Uclibc Ng
NVD
CVSS 3.1
6.5
EPSS
11.3%
CVE-2022-24878 MEDIUM PATCH This Month

Flux is an open and extensible continuous delivery solution for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Path Traversal Flux2 Kustomize Controller
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29421 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Countdown Builder
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27183 MEDIUM This Month

The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28545 MEDIUM PATCH This Month

FUDforum 3.1.1 is vulnerable to Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fudforum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29422 MEDIUM This Month

Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Countdown Builder
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-29420 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.3.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Countdown Builder
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-27909 MEDIUM This Month

In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jdownloads
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-26070 MEDIUM This Month

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-24902 MEDIUM PATCH This Month

TkVideoplayer is a simple library to play video files in tkinter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tkvideoplayer
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy