Skip to main content
CVE-2022-31884 MEDIUM POC This Month

Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Marval Msm
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-31886 MEDIUM POC This Month

Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Marval Msm
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-31108 MEDIUM POC PATCH This Month

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mermaid
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-2231 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-23896 MEDIUM POC PATCH This Month

Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Admidio
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0085 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Dompdf
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-29858 MEDIUM POC PATCH This Month

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Assets
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2022-24444 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.10 allows Session Fixation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Silverstripe
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-31052 MEDIUM PATCH This Month

Synapse is an open source home server implementation for the Matrix chat network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-34133 MEDIUM PATCH This Month

Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-30561 MEDIUM This Month

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ipc Hdbw2431E S S2 Firmware Ipc Hdbw2831E S S2 Firmware Ipc Hdbw2230E S S2 Firmware Ipc Hdbw2831R Zs S2 Firmware +36
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-31104 MEDIUM PATCH This Month

Wasmtime is a standalone runtime for WebAssembly. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cranelift Codegen Wasmtime
NVD GitHub
CVSS 3.1
5.6
EPSS
1.6%
CVE-2022-25238 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-31068 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-31229 MEDIUM This Month

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerscale Onefs
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-30562 MEDIUM This Month

If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Ipc Hdbw2431E S S2 Firmware Ipc Hdbw2831E S S2 Firmware Ipc Hdbw2230E S S2 Firmware Ipc Hdbw2831R Zs S2 Firmware +36
NVD
CVSS 3.1
4.7
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy