Skip to main content
CVE-2022-2061 LOW POC PATCH Monitor

Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Chafa
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2022-29257 HIGH PATCH This Week

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Electron
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-23169 HIGH This Week

attacker needs to craft a SQL payload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mobile Application Gateway
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2022-28704 HIGH This Week

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Casa
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2022-22259 MEDIUM This Month

There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Flmg 10 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-1820 MEDIUM PATCH This Month

The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Keep Backup Daily
NVD VulDB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2022-1822 MEDIUM PATCH This Month

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Zephyr Project Manager
NVD VulDB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2022-32193 MEDIUM This Month

Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-28217 MEDIUM This Month

Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Netweaver
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31041 MEDIUM PATCH This Month

Open Forms is an application for creating and publishing smart forms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Open Forms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-26041 MEDIUM This Month

Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Rccmd
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-31040 MEDIUM PATCH This Month

Open Forms is an application for creating and publishing smart forms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Open Forms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27231 MEDIUM This Month

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-1750 MEDIUM This Month

The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Sticky Popup
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-31752 MEDIUM This Month

Missing authorization vulnerability in the system components. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Emui Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-31763 MEDIUM This Month

The kernel module has the null pointer and out-of-bounds array vulnerabilities. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31759 MEDIUM This Month

AppLink has a vulnerability of accessing uninitialized pointers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-31756 MEDIUM This Month

The fingerprint sensor module has design defects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31755 MEDIUM This Month

The communication module has a vulnerability of improper permission preservation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31751 MEDIUM This Month

The kernel emcom module has multi-thread contention. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-1656 MEDIUM This Month

Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Jupiter X Core Jupiterx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-32741 MEDIUM This Month

Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-32740 MEDIUM This Month

A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-32739 MEDIUM This Month

When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Calendar Resource Planning Otrs
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-0209 MEDIUM This Month

The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Facebook Wall And Social Integration
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-29894 MEDIUM This Month

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Strapi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-31758 MEDIUM This Month

The kernel module has the race condition vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-27174 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Blog
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy