Skip to main content
CVE-2022-31875 MEDIUM POC This Month

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tv Ip110Wn Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-31873 MEDIUM POC This Month

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tv Ip110Wn Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-32444 MEDIUM POC This Month

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect U5Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-32442 MEDIUM POC This Month

u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS U5Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2113 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Inventree
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-31876 MEDIUM POC This Month

netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Netgear Information Disclosure Wnap320 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-25872 MEDIUM POC This Month

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Fast String Search
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-30607 MEDIUM PATCH This Month

IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-45026 MEDIUM This Month

ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ags Zena
NVD VulDB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-21184 MEDIUM This Month

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Atvise
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-31246 MEDIUM This Month

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Electrum
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-21503 MEDIUM This Month

Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Cloud Infrastructure
NVD
CVSS 3.1
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy