Skip to main content
CVE-2022-31040 MEDIUM PATCH This Month

Open Forms is an application for creating and publishing smart forms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Open Forms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27231 MEDIUM This Month

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-1750 MEDIUM This Month

The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Sticky Popup
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-31752 MEDIUM This Month

Missing authorization vulnerability in the system components. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-31763 MEDIUM This Month

The kernel module has the null pointer and out-of-bounds array vulnerabilities. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31759 MEDIUM This Month

AppLink has a vulnerability of accessing uninitialized pointers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-31756 MEDIUM This Month

The fingerprint sensor module has design defects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31755 MEDIUM This Month

The communication module has a vulnerability of improper permission preservation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31751 MEDIUM This Month

The kernel emcom module has multi-thread contention. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-1656 MEDIUM This Month

Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Jupiter X Core Jupiterx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-32741 MEDIUM This Month

Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-32740 MEDIUM This Month

A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-32739 MEDIUM This Month

When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Calendar Resource Planning Otrs
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-0209 MEDIUM This Month

The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Facebook Wall And Social Integration
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-29894 MEDIUM This Month

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Strapi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-31758 MEDIUM This Month

The kernel module has the race condition vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-27174 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Blog
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy