Skip to main content
CVE-2022-36031 MEDIUM POC PATCH This Month

Directus is a free and open-source data platform for headless content management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35554 MEDIUM POC This Month

Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartvista
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-0542 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Chatwoot
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-36233 MEDIUM POC This Month

Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac9 Firmware
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-37254 MEDIUM POC This Month

DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dolphinphp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35910 MEDIUM POC PATCH This Month

In Jellyfin before 10.8, stored XSS allows theft of an admin access token. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Jellyfin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-1021 MEDIUM POC PATCH This Month

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Chatwoot
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-36008 MEDIUM PATCH This Month

Frontier is Substrate's Ethereum compatibility layer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Frontier
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-34621 MEDIUM This Month

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mealie
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34624 MEDIUM This Month

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mealie
NVD VulDB
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-2790 MEDIUM This Month

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Electric S Proficy
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2022-2789 MEDIUM This Month

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electric S Proficy
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-35692 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Adobe Commerce Magento Commerce
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-1901 MEDIUM PATCH This Month

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Octopus Server
NVD
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy