Skip to main content
CVE-2022-2370 MEDIUM POC This Month

The YaySMTP WordPress plugin before 2.2.1 does not have capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated users, such as subscriber to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Yaysmtp
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2260 MEDIUM POC This Month

The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Givewp
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-2589 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Fava
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2241 MEDIUM POC This Month

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Featured Image From Url
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2181 MEDIUM POC This Month

The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Advanced Wordpress Reset
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1906 MEDIUM POC This Month

The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Copyright Proof
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-2596 MEDIUM POC PATCH This Month

Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Node Fetch
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2022-2598 MEDIUM POC PATCH This Month

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-2171 MEDIUM POC This Month

The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Progressive License
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-1600 MEDIUM POC This Month

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Yop Poll
NVD WPScan
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-2328 MEDIUM POC This Month

The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Flexi Quote Rotator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2325 MEDIUM POC This Month

The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Invitation Based Registrations
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2305 MEDIUM POC This Month

The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Popups
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2278 MEDIUM POC This Month

The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Featured Image From Url
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2215 MEDIUM POC This Month

The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Givewp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2170 MEDIUM POC This Month

The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS WordPress Microsoft Advertising Universal Event Tracking
NVD WPScan
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-1324 MEDIUM POC This Month

The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Event Timeline
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-0598 MEDIUM POC This Month

The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Login With Phone Number
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2369 MEDIUM POC This Month

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Yaysmtp
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-33955 MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Cics Tx
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-26445 MEDIUM This Month

In wifi driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Mt7603 Firmware Mt7610 Firmware +11
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-26444 MEDIUM This Month

In wifi driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Mt7603 Firmware Mt7610 Firmware +11
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-26443 MEDIUM This Month

In wifi driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Mt7603 Firmware Mt7610 Firmware +11
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-26442 MEDIUM This Month

In wifi driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Mt7603 Firmware Mt7610 Firmware +11
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-26441 MEDIUM This Month

In wifi driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Mt7603 Firmware Mt7610 Firmware +11
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-26440 MEDIUM This Month

In wifi driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Mt7603 Firmware Mt7610 Firmware +11
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-26439 MEDIUM This Month

In wifi driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Mt7603 Firmware Mt7610 Firmware +11
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-26438 MEDIUM This Month

In wifi driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Mt7603 Firmware Mt7610 Firmware +11
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-26435 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26434 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26433 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26432 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26431 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26430 MEDIUM This Month

In mailbox, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26427 MEDIUM This Month

In camera isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26426 MEDIUM This Month

In camera isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21792 MEDIUM This Month

In camera isp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21788 MEDIUM This Month

In scp, there is a possible undefined behavior due to incorrect error handling. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-35918 MEDIUM PATCH This Month

Streamlit is a data oriented application development framework for python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Streamlit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-30699 MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unbound Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-30698 MEDIUM This Month

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unbound Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-35716 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Urbancode Deploy
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-34338 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-33169 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-26428 MEDIUM This Month

In video codec, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-21789 MEDIUM This Month

In audio ipi, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-35118 MEDIUM This Month

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pyrocms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-31193 MEDIUM PATCH This Month

DSpace open source software is a repository application which provides durable access to digital resources. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Dspace
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-31192 MEDIUM PATCH This Month

DSpace open source software is a repository application which provides durable access to digital resources. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dspace
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-31191 MEDIUM PATCH This Month

DSpace open source software is a repository application which provides durable access to digital resources. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dspace
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy