Skip to main content
CVE-2022-31461 MEDIUM POC This Month

Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Meeting Owl Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31459 MEDIUM POC This Month

Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Meeting Owl Pro Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29597 MEDIUM POC This Month

Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Regulatory Reporting System
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-31973 MEDIUM POC This Month

Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Fire Reporting System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31966 MEDIUM POC This Month

ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Chatbot App With Suggestion
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31342 MEDIUM POC This Month

Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Car Wash Booking System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-30804 MEDIUM POC This Month

elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Elite Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-27776 MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Hci Bootstrap Os +9
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-1462 MEDIUM POC This Month

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Linux Buffer Overflow Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2022-30514 MEDIUM POC This Month

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Dormitory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2022-30513 MEDIUM POC This Month

School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Dormitory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
3.3%
CVE-2022-30349 MEDIUM POC This Month

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Siteserver Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-29732 MEDIUM POC This Month

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Entelitouch Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29598 MEDIUM POC This Month

Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Regulatory Reporting System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-29733 MEDIUM POC This Month

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Entelitouch Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-27774 MEDIUM POC This Month

An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bootstrap
NVD VulDB
CVSS 3.1
5.7
EPSS
0.3%
CVE-2022-32202 MEDIUM POC PATCH This Month

In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libjpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-32201 MEDIUM POC PATCH This Month

In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libjpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-31783 MEDIUM POC PATCH This Month

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Liblouis Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-29780 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-29779 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-30429 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Neos Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-26497 MEDIUM POC PATCH This Month

BigBlueButton Greenlight 2.11.1 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Greenlight
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-30999 MEDIUM POC PATCH This Month

FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Upload
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-29648 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29628 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Market Place Site
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27779 MEDIUM POC This Month

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +7
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2022-30482 MEDIUM POC This Month

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ecommerce Project With Php And Mysqli Fruits Bazar
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-1716 MEDIUM POC This Month

Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Keep My Notes
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-30115 MEDIUM POC PATCH This Month

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2022-29627 MEDIUM POC This Month

An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Market Place Site
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1789 MEDIUM This Month

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel Fedora Enterprise Linux +1
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-29085 MEDIUM This Month

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-30233 MEDIUM This Month

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31024 MEDIUM PATCH This Month

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Nextcloud Richdocuments
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-26944 MEDIUM This Month

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xtrabackup
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-1982 MEDIUM PATCH This Month

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mattermost Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31796 MEDIUM PATCH This Month

libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29788 MEDIUM PATCH This Month

libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libmobi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-24238 MEDIUM This Month

ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aceweb Online Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29718 MEDIUM PATCH This Month

Caddy v2.4 was discovered to contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Caddy
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-29711 MEDIUM PATCH This Month

LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29653 MEDIUM This Month

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ofcms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29540 MEDIUM This Month

resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gemini Net
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-26978 MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Control Room Management Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26977 MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Control Room Management Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26974 MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Control Room Management Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-26972 MEDIUM This Month

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Control Room Management Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-23237 MEDIUM This Month

E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect E Series Santricity Os Controller
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-26491 MEDIUM PATCH This Month

An issue was discovered in Pidgin before 2.14.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pidgin Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
2.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy