Skip to main content
CVE-2022-36097 MEDIUM POC PATCH THREAT This Month

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
57.4%
CVE-2022-3148 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3138 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38400 MEDIUM POC PATCH This Month

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Mailform Pro Cgi
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2022-3153 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-27969 MEDIUM POC This Month

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cynet 360
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-27968 MEDIUM POC This Month

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cynet 360
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-27967 MEDIUM POC This Month

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cynet 360
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-38399 MEDIUM This Month

Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Cs Qr20 Firmware Cs Qr10 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-36736 MEDIUM This Month

Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to perform a clickjacking attack via a crafted HTTP request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jitsi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-37146 MEDIUM This Month

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plextrac
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-38256 MEDIUM This Month

TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tastyigniter
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-20863 MEDIUM This Month

A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Teams
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-36095 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy