Skip to main content
CVE-2022-30111 MEDIUM POC This Month

Due to the use of an insecure algorithm for rolling codes in MCK Smartlock 1.0, allows attackers to unlock the mechanism via replay attacks. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mck Smartlock
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-28921 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Blogengine Net
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-28924 MEDIUM POC This Month

An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Universis Students
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-1432 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS Octoprint
NVD GitHub
CVSS 3.1
6.4
EPSS
1.2%
CVE-2022-1774 MEDIUM POC PATCH This Month

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-1782 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Para
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-1771 MEDIUM POC PATCH This Month

Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vim
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-30975 MEDIUM POC This Month

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mujs Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-30974 MEDIUM POC This Month

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mujs Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-23068 MEDIUM POC PATCH This Month

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Tooljet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-29646 MEDIUM POC This Month

An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3100R Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-30992 MEDIUM PATCH This Month

Open redirect via user-controlled query parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Microsoft Cyber Protect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-30991 MEDIUM PATCH This Month

HTML injection via report name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Code Injection Cyber Protect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-25617 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Code Snippets
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-22777 MEDIUM This Month

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Businessconnect Trading Community Management
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1110 MEDIUM PATCH This Month

A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Lenovo Smart Standby Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29230 MEDIUM PATCH This Month

Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Hydrogen
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-30596 MEDIUM PATCH This Month

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-22776 MEDIUM This Month

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Businessconnect Trading Community Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30597 MEDIUM PATCH This Month

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-25162 MEDIUM This Month

Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U-xMy/z(x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later and versions prior to 1.270,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Iq Fx5U 32Mt Es Firmware Melsec Iq Fx5U 32Mt Ds Firmware Melsec Iq Fx5U 32Mt Ess Firmware Melsec Iq Fx5U 32Mt Dss Firmware +69
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2022-28717 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Watch Boot Nino Rpc M2C Firmware Watch Boot Light Rpc M5C Firmware Watch Boot L Zero Rpc M4L Firmware Watch Boot Mini Rpc M4H Firmware +11
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-30598 MEDIUM PATCH This Month

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy