Skip to main content
CVE-2022-31798 MEDIUM POC This Month

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation XSS PHP Emerge E3 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
6.7%
CVE-2022-37161 MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Claroline
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2980 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-37292 MEDIUM POC This Month

Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Tenda Buffer Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36527 MEDIUM POC This Month

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-37162 MEDIUM POC This Month

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Claroline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-37160 MEDIUM POC This Month

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Claroline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37238 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37245 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37244 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37243 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37241 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37239 MEDIUM POC This Month

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Security Gateway For Email Servers
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-20865 MEDIUM This Month

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Firepower 4110 Firmware Firepower 4112 Firmware Firepower 4115 Firmware +9
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-2991 MEDIUM PATCH This Month

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Linux RCE Heap Overflow Buffer Overflow Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-37316 MEDIUM This Month

Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-23715 MEDIUM This Month

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elastic Elastic Cloud Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-37318 MEDIUM This Month

Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37953 MEDIUM This Month

An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Workstationst
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-37952 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Workstationst
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-37317 MEDIUM This Month

Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-32746 MEDIUM PATCH This Month

A flaw was found in the Samba AD LDAP server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Samba
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-36118 MEDIUM This Month

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Blue Prism
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-36116 MEDIUM This Month

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Blue Prism
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-23235 MEDIUM PATCH This Month

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure VMware Active Iq Unified Manager
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-36358 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Seo Scout
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-32742 MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy