Skip to main content
CVE-2022-39196 MEDIUM POC This Month

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Blackboard Learn
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-2543 MEDIUM POC This Month

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Visual Portfolio Photo Gallery Post Grid
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3123 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Dokuwiki Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-2775 MEDIUM POC This Month

The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Fastflow
NVD WPScan
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-38750 MEDIUM POC PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-3127 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2597 MEDIUM POC This Month

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Visual Portfolio Photo Gallery Post Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2376 MEDIUM POC This Month

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX action available to both unauthenticated and any authenticated users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Directorist
NVD WPScan
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-39840 MEDIUM POC This Month

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cotonti Siena
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39839 MEDIUM POC This Month

Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cotonti Siena
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-2657 MEDIUM POC This Month

The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Multivendor Marketplace Solution For Woocommerce Wc Marketplace
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-38752 MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-38751 MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-38749 MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-39842 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.19. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Linux Buffer Overflow Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-38367 MEDIUM This Month

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian User Export For Jira
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-2271 MEDIUM This Month

The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Database Backup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39050 MEDIUM This Month

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-39049 MEDIUM This Month

An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Otrs
NVD
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy