Skip to main content
CVE-2022-1501 MEDIUM POC This Month

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1497 MEDIUM POC This Month

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-1482 MEDIUM POC This Month

Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Buffer Overflow Chrome
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1499 MEDIUM POC This Month

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2022-1494 MEDIUM POC This Month

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-1492 MEDIUM POC This Month

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-34991 MEDIUM POC This Month

Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Paymoney
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34988 MEDIUM POC This Month

Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blockchain Altexchanger
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-1498 MEDIUM POC This Month

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-1495 MEDIUM POC This Month

Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-1488 MEDIUM POC This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1500 MEDIUM This Month

Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-30706 MEDIUM This Month

Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Booked
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29965 MEDIUM This Month

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Deltav Distributed Control System Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware +21
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29964 MEDIUM This Month

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware Se4003S2B4 16 Pin Mass I O Terminal Block Firmware +20
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29963 MEDIUM This Month

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware Se4003S2B4 16 Pin Mass I O Terminal Block Firmware +20
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29962 MEDIUM This Month

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware Se4003S2B4 16 Pin Mass I O Terminal Block Firmware +20
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29960 MEDIUM This Month

Emerson OpenBSI through 2022-04-29 uses weak cryptography. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openbsi
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-27105 MEDIUM This Month

InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Inmailx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-22412 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-1637 MEDIUM This Month

Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy