Skip to main content
CVE-2022-1095 MEDIUM POC This Month

The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress No External Links Project
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1029 MEDIUM POC This Month

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Limit Login Attempts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-1028 MEDIUM POC This Month

The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wordpress Security
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1010 MEDIUM POC This Month

The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Login Using Wordpress Users
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-1960 MEDIUM POC This Month

The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Mycss
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1914 MEDIUM POC This Month

The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Clean Contact
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1913 MEDIUM POC This Month

The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Add Post Url
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1885 MEDIUM POC This Month

The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Cimy Header Image Rotator
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1847 MEDIUM POC This Month

The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Rotating Posts
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1846 MEDIUM POC This Month

The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Tiny Contact Form
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1845 MEDIUM POC This Month

The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Post Styling
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1844 MEDIUM POC This Month

The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Wp Sentry
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1842 MEDIUM POC This Month

The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF WordPress Openbook Book Data
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1653 MEDIUM POC This Month

The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Social Share Buttons
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1627 MEDIUM POC This Month

The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress My Private Site
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1625 MEDIUM POC This Month

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress New User Approve
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-1573 MEDIUM POC This Month

The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Html2Wp
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0875 MEDIUM POC This Month

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS CSRF WordPress Google Authenticator
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0444 MEDIUM POC This Month

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Xcloner
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-31034 HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-33202 HIGH This Week

Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass L2Blocker
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2022-31087 HIGH PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

PHP RCE Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31091 HIGH PATCH This Week

Guzzle, an extensible PHP HTTP client. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Debian Linux
NVD GitHub
CVSS 3.1
7.7
EPSS
1.4%
CVE-2022-31090 HIGH PATCH This Week

Guzzle, an extensible PHP HTTP client. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Debian Linux
NVD GitHub
CVSS 3.1
7.7
EPSS
1.8%
CVE-2022-31103 HIGH PATCH This Week

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Lettersanitizer
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-31098 HIGH PATCH This Week

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Weave Gitops
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-31093 HIGH PATCH This Week

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Next Auth
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-31089 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28622 HIGH This Week

A potential security vulnerability has been identified in HPE StoreOnce Software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Storeonce 3640 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-28168 HIGH This Week

In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-28166 HIGH This Week

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 &. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-26477 HIGH PATCH This Week

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Systemds
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-31099 MEDIUM PATCH This Month

rulex is a new, portable, regular expression language. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Pomsky
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-31100 MEDIUM PATCH This Month

rulex is a new, portable, regular expression language. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Pomsky
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2221 MEDIUM This Month

Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-28167 MEDIUM This Month

Brocade SANnav before Brocade SANvav v. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sannav
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-31094 MEDIUM PATCH This Month

ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Scratchtools
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-31085 MEDIUM PATCH This Month

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP OpenSSL Information Disclosure Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-31065 MEDIUM PATCH This Month

BigBlueButton is an open source web conferencing system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bigbluebutton
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28172 MEDIUM This Month

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision XSS Ds A71024 Firmware Ds A71048 Firmware Ds A71072R Firmware +8
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-33146 MEDIUM PATCH This Month

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Web2Py
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-31096 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2022-31077 MEDIUM PATCH This Month

KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Kubernetes Null Pointer Dereference Kubeedge
NVD GitHub
CVSS 3.1
5.7
EPSS
0.8%
CVE-2022-31057 MEDIUM PATCH This Month

Shopware is an open source e-commerce software made in Germany. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shopware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-31035 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Kubernetes XSS Argo Cd
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-31088 MEDIUM PATCH This Month

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-31039 MEDIUM PATCH This Month

Greenlight is a simple front-end interface for your BigBlueButton server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Greenlight
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2088 MEDIUM This Month

An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Smartics
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-31036 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-33879 LOW PATCH Monitor

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tika
NVD
CVSS 3.1
3.3
EPSS
1.9%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy