Skip to main content
CVE-2022-2638 MEDIUM POC This Month

The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Export All Urls
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-1663 MEDIUM POC This Month

The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Stop Spam Comments
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-36687 MEDIUM POC This Month

Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Ingredient Stock Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-21385 MEDIUM POC This Month

A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Denial Of Service Linux
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2022-2599 MEDIUM POC This Month

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Anti Malware Security And Brute Force Firewall
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-2538 MEDIUM POC This Month

The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Hide Security Enhancer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2537 MEDIUM POC This Month

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Woocommerce Pdf Invoices Packing Slips
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36033 MEDIUM POC PATCH This Month

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla XSS Java Jsoup Management Services For Element Software +2
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-36573 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pagekit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2953 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libtiff Ontap Select Deploy Administration Utility Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-1204 MEDIUM POC PATCH This Month

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1198 MEDIUM POC PATCH This Month

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1115 MEDIUM POC PATCH This Month

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-1016 MEDIUM POC This Month

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0852 MEDIUM POC PATCH This Month

There is a flaw in convert2rhel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Red Hat Convert2Rhel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0851 MEDIUM POC This Month

There is a flaw in convert2rhel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Convert2Rhel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0496 MEDIUM POC PATCH This Month

A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Openscad
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35020 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35019 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35018 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35017 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35016 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35015 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35014 MEDIUM POC This Month

Advancecomp v2.3 contains a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-36194 MEDIUM POC This Month

Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-2373 MEDIUM POC This Month

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Simply Schedule Appointments
NVD WPScan
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-2034 MEDIUM POC This Month

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Sensei Lms
NVD WPScan
CVSS 3.1
5.3
EPSS
1.9%
CVE-2022-0718 MEDIUM POC PATCH This Month

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Oslo Utils Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-3035 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2374 MEDIUM POC This Month

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simply Schedule Appointments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0485 MEDIUM POC PATCH This Month

A flaw was found in the copying tool `nbdcopy` of libnbd. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libnbd Enterprise Linux
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-37059 MEDIUM POC This Month

Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Subrion Cms
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2267 MEDIUM POC This Month

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Mailchimp For Woocommerce
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-2080 MEDIUM POC This Month

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Sensei Lms
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-0669 MEDIUM PATCH This Month

A flaw was found in dpdk. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Data Plane Development Kit Openvswitch Openshift Container Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-27546 MEDIUM This Month

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Inotes Domino
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35962 MEDIUM This Month

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Zulip
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2022-1184 MEDIUM PATCH This Month

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0480 MEDIUM PATCH This Month

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25641 MEDIUM This Month

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pdf Editor Pdf Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36037 MEDIUM PATCH This Month

kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kirby
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-31677 MEDIUM PATCH This Month

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Pinniped
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-0812 MEDIUM PATCH This Month

An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy