Skip to main content
CVE-2022-31151 MEDIUM POC PATCH This Month

Authorization headers are cleared on cross-origin redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Undici
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34487 MEDIUM POC This Month

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Shortcode Addons
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2022-33198 MEDIUM POC This Month

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Accordions
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2022-28666 MEDIUM POC This Month

Broken Access Control vulnerability in YIKES Inc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Custom Product Tabs For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-28877 MEDIUM This Month

This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation RCE Elements Endpoint Protection
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-22555 MEDIUM This Month

Dell EMC PowerStore, contains an OS command injection Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Powerstore 500T Firmware Emc Powerstore 1200T Firmware Emc Powerstore 3200T Firmware +2
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2022-28861 MEDIUM This Month

The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Citilog
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-28860 MEDIUM This Month

An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Citilog
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-36313 MEDIUM POC PATCH This Month

A malformed MKV file can trigger an infinite loop in the file-type Node.js package (versions before 16.5.4 and 17.x before 17.1.3), causing application unresponsiveness and enabling denial-of-service attacks. The vulnerability affects the Sindresorhus file-type library, a widely-used dependency for file type detection, and requires only local access and user interaction to trigger (CVSS 5.5). With an EPSS score of 0.17% (38th percentile), actual exploitation probability remains relatively low despite the moderate severity rating.

Denial Of Service Node.js File Type
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-30628 MEDIUM This Month

It was possible to download all receipts without authentication. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Supersmart Me Walk Through
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31475 MEDIUM This Month

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal Givewp
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-30536 MEDIUM PATCH This Month

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Wp Maintenance
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-30337 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Wp Meta Seo
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-32289 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.0 at WordPress leading to popup status change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Popup Builder
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy