Skip to main content
CVE-2022-1703 HIGH This Week

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Command Injection Sonicwall Sma 210 Firmware Sma 410 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
11.1%
CVE-2022-28386 MEDIUM POC This Month

An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keypad Secure Usb 3 2 Gen 1 Firmware Gd25Lk01 3637 C Firmware
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2022-28387 MEDIUM POC This Month

An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Executive Fingerprint Secure Ssd Firmware Fingerprint Secure Portable Hard Drive Firmware
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2022-28385 MEDIUM POC This Month

An issue was discovered in certain Verbatim drives through 2022-03-31. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Apple Information Disclosure Executive Fingerprint Secure Ssd Firmware Fingerprint Secure Portable Hard Drive Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-1712 MEDIUM POC This Month

The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Livesync
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1709 MEDIUM POC This Month

The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Throws Spam Away
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1695 MEDIUM POC This Month

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Simple Adsense Insertion
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1421 MEDIUM POC This Month

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Discy
NVD WPScan
CVSS 3.1
4.3
EPSS
1.2%
CVE-2022-30552 MEDIUM CISA This Month

Das U-Boot 2022.01 has a Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow U Boot
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-24296 HIGH This Week

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ae 200A Firmware Ae 200E Firmware Ae 200J Firmware Ae 50A Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1690 LOW POC Monitor

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Note Press
NVD WPScan
CVSS 3.1
2.7
EPSS
0.8%
CVE-2022-1689 LOW POC Monitor

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Note Press
NVD WPScan
CVSS 3.1
2.7
EPSS
0.8%
CVE-2022-1688 LOW POC Monitor

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Note Press
NVD WPScan
CVSS 3.1
2.7
EPSS
0.8%
CVE-2022-1687 LOW POC Monitor

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Logo Slider
NVD WPScan
CVSS 3.1
2.7
EPSS
0.8%
CVE-2022-1686 LOW POC Monitor

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Five Minute Webshop
NVD WPScan
CVSS 3.1
2.7
EPSS
0.8%
CVE-2022-1684 LOW POC Monitor

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Cube Slider
NVD WPScan
CVSS 3.1
2.7
EPSS
0.8%
CVE-2022-30875 MEDIUM This Month

Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-31497 MEDIUM This Month

LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30899 MEDIUM This Month

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Partkeepr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-32273 MEDIUM This Month

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Metadefender
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy