Skip to main content
CVE-2022-38295 MEDIUM POC This Month

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-38291 MEDIUM POC This Month

SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Senayan Library Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-34110 MEDIUM POC This Month

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Micro Star International Feature Navigator
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36254 MEDIUM POC This Month

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hotel Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-37796 MEDIUM POC This Month

In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Online Book Store System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38972 MEDIUM This Month

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A Form
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-39200 MEDIUM PATCH This Month

Dendrite is a Matrix homeserver written in Go. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Dendrite
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-36101 MEDIUM PATCH This Month

Shopware is an open source e-commerce software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-31225 MEDIUM PATCH This Month

Dell BIOS versions contain an Unchecked Return Value vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity.

Information Disclosure Dell Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2022-31220 MEDIUM This Month

Dell BIOS versions contain an Unchecked Return Value vulnerability. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2022-31222 MEDIUM PATCH This Month

Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Dell Denial Of Service Chengming 3900 Firmware Inspiron 14 Plus 7420 Firmware Inspiron 16 Plus 7620 Firmware +22
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-38299 MEDIUM PATCH This Month

An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Elastic Appsmith
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-38135 MEDIUM This Month

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Photospace Gallery
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy