Skip to main content
CVE-2022-34295 MEDIUM POC PATCH This Month

totd before 1.5.3 does not properly randomize mesg IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Totd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-34012 MEDIUM POC This Month

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oneblog
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34328 MEDIUM POC This Month

PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pmb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2022-32131 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32130 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32129 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32128 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32127 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32126 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32125 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32124 MEDIUM POC This Month

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-34305 MEDIUM POC PATCH This Month

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache XSS
NVD
CVSS 3.1
6.1
EPSS
6.2%
CVE-2022-33124 MEDIUM POC This Month

AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aiohttp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-33070 MEDIUM POC This Month

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Protobuf C Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-33069 MEDIUM POC This Month

Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Solidity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-33068 MEDIUM POC PATCH This Month

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Harfbuzz Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-33067 MEDIUM POC This Month

Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-33113 MEDIUM POC This Month

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29526 MEDIUM POC PATCH This Month

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Go Fedora Beegfs Csi Driver
NVD GitHub
CVSS 3.1
5.3
EPSS
2.6%
CVE-2022-32987 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Bakery Shop Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-34013 MEDIUM POC This Month

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Oneblog
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34011 MEDIUM POC This Month

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Oneblog
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-34213 MEDIUM This Month

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Squash Tm Publisher
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34211 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Vrealize Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34210 MEDIUM This Month

A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Threadfix
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34209 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Threadfix
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34207 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Beaker Builder
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34205 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Jianliao Notification
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-34202 MEDIUM This Month

Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Easyqa
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34201 MEDIUM This Month

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Convertigo Mobile Platform
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34199 MEDIUM This Month

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Convertigo Mobile Platform
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31009 MEDIUM PATCH This Month

wire-ios is an iOS client for the Wire secure messaging application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apple Wire
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34182 MEDIUM PATCH This Month

Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Nested View
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-34178 MEDIUM PATCH This Month

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Embeddable Build Status
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-34212 MEDIUM This Month

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Vrealize Orchestrator
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2022-34198 MEDIUM This Month

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Stash Branch Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-34197 MEDIUM PATCH This Month

Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Sauce Ondemand
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34196 MEDIUM PATCH This Month

Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Rest List Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34195 MEDIUM This Month

Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Repository Connector
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34194 MEDIUM This Month

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Readonly Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34193 MEDIUM This Month

Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Package Version
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34192 MEDIUM This Month

Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ontrack
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34191 MEDIUM PATCH This Month

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34190 MEDIUM This Month

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Maven Metadata
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34189 MEDIUM This Month

Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Image Tag Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34188 MEDIUM PATCH This Month

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Hidden Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34187 MEDIUM This Month

Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Filesystem List Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-34186 MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dynamic Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34185 MEDIUM This Month

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Date Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34184 MEDIUM This Month

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Crx Content Package Deployer
NVD
CVSS 3.1
5.4
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy