Skip to main content
CVE-2022-29854 MEDIUM POC This Month

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Minet Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-30408 MEDIUM POC This Month

Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Covid 19 Travel Pass Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-30381 MEDIUM POC This Month

Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Merchandise Online Store
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-30375 MEDIUM POC This Month

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Simple Social Networking Site
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30367 MEDIUM POC This Month

Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Air Cargo Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30489 MEDIUM POC This Month

WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wn535G3 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
4.1%
CVE-2022-27247 MEDIUM POC This Month

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Winhotel Mx
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-22393 MEDIUM PATCH This Month

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1702 MEDIUM This Month

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Sonicwall Sma 6200 Firmware Sma 6210 Firmware Sma 7200 Firmware +2
NVD
CVSS 3.1
6.1
EPSS
8.6%
CVE-2022-22325 MEDIUM PATCH This Month

IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Mq For Hpe Nonstop
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28830 MEDIUM This Month

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Framemaker
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2022-29433 MEDIUM This Month

Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Donations
NVD
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy