Skip to main content
CVE-2022-30311 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-30310 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-30309 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2022-30308 CRITICAL Act Now

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Controller Cecc X M1 Firmware Controller Cecc X M1 Mv Firmware Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Ys L1 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-29525 CRITICAL Act Now

Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Casa
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-1961 MEDIUM POC PATCH This Month

The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google WordPress PHP XSS Google Tag Manager
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-1658 MEDIUM POC This Month

Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Jupiter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2065 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Facturascripts
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1792 MEDIUM POC This Month

The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Quick Subscribe
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1787 MEDIUM POC This Month

The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Sideblog
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1781 MEDIUM POC This Month

The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Posttabs
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1780 MEDIUM POC This Month

The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Latex
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1764 MEDIUM POC This Month

The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Wp Chgfontsize
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1763 MEDIUM POC This Month

Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Static Page Extended
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1759 MEDIUM POC This Month

The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Rb Internal Links
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1549 MEDIUM POC This Month

The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Athletics
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2060 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-1707 MEDIUM This Month

The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.2% and no vendor patch available.

Google WordPress PHP XSS Google Tag Manager
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
16.2%
CVE-2022-1595 MEDIUM POC This Month

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Hc Custom Wp Admin Url
NVD WPScan
CVSS 3.1
5.3
EPSS
2.6%
CVE-2022-31760 CRITICAL Act Now

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2022-1969 HIGH This Week

The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Mobile Browser Color Select
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-1900 HIGH This Week

The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Copify
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-32562 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Couchbase Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-32278 HIGH PATCH This Week

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Exo Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-31400 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Helpdeskz
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-31398 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Helpdeskz
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1814 MEDIUM POC This Month

The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Admin Style
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1772 MEDIUM POC This Month

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Google Places Reviews
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-1710 MEDIUM POC This Month

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Appointment Hour Booking
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1336 MEDIUM POC This Month

The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Carousel Ck
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1335 MEDIUM POC This Month

The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slideshow Ck
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1793 MEDIUM POC This Month

The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Private Files
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1594 MEDIUM POC This Month

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Hc Custom Wp Admin Url
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31762 HIGH This Week

The AMS module has a vulnerability in input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-24077 HIGH This Week

Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Cloud Explorer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-32565 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32192 HIGH This Week

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-32564 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-32560 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-32558 HIGH This Week

An issue was discovered in Couchbase Server before 7.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-31054 HIGH PATCH This Week

Argo Events is an event-driven workflow automation framework for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Kubernetes Argo Events
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-29798 HIGH This Week

There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cv81 Wdm Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31761 HIGH This Week

Configuration defects in the secure OS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31757 HIGH This Week

The setting module has a vulnerability of improper use of APIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31754 HIGH This Week

Logical defects in code implementation in some products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31753 HIGH This Week

The voice wakeup module has a vulnerability of using externally-controlled format strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31055 HIGH PATCH This Week

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Kubernetes Kctf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29244 HIGH PATCH This Week

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure npm Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2022-26834 HIGH This Week

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Casa
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-2013 HIGH This Week

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Deploy
NVD
CVSS 3.1
7.5
EPSS
0.8%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy