Skip to main content
CVE-2022-36593 MEDIUM POC This Month

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kkfileview
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-36647 MEDIUM POC This Month

PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Davs2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36639 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Garage Management System
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36637 MEDIUM POC This Month

Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Garage Management System
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36638 MEDIUM POC This Month

An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Garage Management System
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-39194 MEDIUM POC This Month

An issue was discovered in the MediaWiki through 1.38.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mediawiki
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-37679 MEDIUM POC This Month

Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Miniblog Core
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-36600 MEDIUM POC This Month

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Blogengine Net
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35933 MEDIUM PATCH This Month

This package is a PrestaShop module that allows users to post reviews and rate products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Productcomments
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-34378 MEDIUM PATCH This Month

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Dell Path Traversal Denial Of Service Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22101 MEDIUM This Month

Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Apq8096Au Firmware Qam8295p Firmware Qca6564a Firmware +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-39190 MEDIUM PATCH This Month

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25370 MEDIUM This Month

Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Ofbiz
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2022-38170 MEDIUM PATCH This Month

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable. Rated medium severity (CVSS 4.7). No vendor patch available.

Apache Information Disclosure Airflow
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2022-39188 MEDIUM PATCH This Month

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy