Skip to main content
CVE-2022-35148 MEDIUM POC This Month

maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Maccms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-35151 MEDIUM POC This Month

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-36191 MEDIUM POC This Month

A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2871 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Notrinoserp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35117 MEDIUM POC This Month

Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clinic S Patient Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35133 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cherrytree
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-2869 MEDIUM PATCH This Month

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libtiff Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2868 MEDIUM PATCH This Month

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Libtiff Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2867 MEDIUM PATCH This Month

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libtiff Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2338 MEDIUM This Month

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Edgeaggregator Edgeconnector Opc Opc Ua C Software Development Kit +2
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-38392 MEDIUM This Month

Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 5400Rmp Oem Harddrive
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy