Skip to main content
CVE-2022-2101 MEDIUM POC PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Download Manager
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2022-34643 MEDIUM POC This Month

RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Spike Risc V Isa Simulator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34642 MEDIUM POC This Month

The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 contains the incorrect mask which can cause a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Spike Risc V Isa Simulator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34641 MEDIUM POC PATCH This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Riscvc Boom Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-34640 MEDIUM POC This Month

The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a was discovered to be incorrect. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34639 MEDIUM POC PATCH This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34637 MEDIUM POC This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34636 MEDIUM POC This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMA violation occurs during address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34634 MEDIUM POC This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather create an exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34633 MEDIUM POC This Month

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather create an exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cva6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-24692 MEDIUM POC This Month

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Dsknet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2400 MEDIUM POC PATCH This Month

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dompdf
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-24689 MEDIUM POC This Month

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dsknet
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-26118 MEDIUM PATCH This Month

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-2108 MEDIUM PATCH This Month

The plugin Wbcom Designs - BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Buddypress Group Reviews
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-22445 MEDIUM This Month

An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Powervm Hypervisor
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-30621 MEDIUM This Month

Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cellinx Nvt Ip Ptz Camera Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-28681 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-23438 MEDIUM This Month

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortios
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-22304 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Fortiauthenticator Agent For Microsoft Outlook Web Access
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2117 MEDIUM This Month

The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Givewp
NVD VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-2224 MEDIUM PATCH This Month

The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Gallery For Social Photo
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-2223 MEDIUM PATCH This Month

The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Image Slider
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-23142 MEDIUM This Month

ZXEN CG200 has a DoS vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zxen Cg200 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-30625 MEDIUM This Month

Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P5E Gnss Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy