Skip to main content
CVE-2022-24910 MEDIUM POC This Month

A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Ir302 Firmware
NVD
CVSS 3.1
6.7
EPSS
1.3%
CVE-2022-26510 MEDIUM POC This Month

A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Ir302 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-26020 MEDIUM POC This Month

An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ir302 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1044 MEDIUM POC PATCH This Month

Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trudesk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-25172 MEDIUM POC This Month

An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Information Disclosure Ir302 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-21238 MEDIUM POC This Month

A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Inrouter302 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-28919 MEDIUM POC This Month

HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dokuwiki Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-1682 MEDIUM POC PATCH This Month

Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Facturascripts
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-21147 MEDIUM POC This Month

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Alyac
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-29302 MEDIUM POC This Month

SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1674 MEDIUM POC PATCH This Month

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora macOS
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-28920 MEDIUM POC This Month

Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tieba Cloud Sign
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0004 MEDIUM This Month

Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intel Core I3 12100 Firmware Core I3 12100F Firmware Core I3 12100T Firmware +394
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-24382 MEDIUM PATCH This Month

Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Lapbc510 Firmware Lapbc710 Firmware Lapkc71F Firmware +56
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-24297 MEDIUM PATCH This Month

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Lapbc510 Firmware Lapbc710 Firmware Lapkc71F Firmware +56
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-21237 MEDIUM PATCH This Month

Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Intel Buffer Overflow Lapbc510 Firmware Lapbc710 Firmware +57
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-22971 MEDIUM PATCH This Month

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Java Spring Framework Financial Services Crime And Compliance Management Studio Cloud Secure Agent +1
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2020-22985 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Microstrategy Web Sdk
NVD VulDB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-22984 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Microstrategy Web Sdk
NVD VulDB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-22986 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Microstrategy Web Sdk
NVD VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-22987 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Microstrategy Web Sdk
NVD VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-23165 MEDIUM This Month

Sysaid - Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Information Disclosure Sysaid
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-22797 MEDIUM This Month

Sysaid - sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect Sysaid
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-28818 MEDIUM This Month

ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Coldfusion
NVD
CVSS 3.1
6.1
EPSS
43.1%
CVE-2022-29929 MEDIUM This Month

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-29927 MEDIUM This Month

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-21151 MEDIUM This Month

Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Celeron N6210 Firmware Celeron N4500 Firmware Celeron N4505 Firmware +395
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-21136 MEDIUM This Month

Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Core I9 7940X Firmware Core I9 7960X Firmware Core I9 7980Xe Firmware +143
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-21131 MEDIUM This Month

Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Core I9 7940X Firmware Core I9 7960X Firmware Core I9 7980Xe Firmware +143
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-22970 MEDIUM PATCH This Month

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Java Spring Framework Financial Services Crime And Compliance Management Studio Active Iq Unified Manager +3
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-29538 MEDIUM This Month

RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gemini Net
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-29930 MEDIUM PATCH This Month

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ktor
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-29928 MEDIUM This Month

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-28873 MEDIUM This Month

A vulnerability affecting F-Secure SAFE browser was discovered. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safe
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy