Skip to main content
CVE-2022-40734 MEDIUM POC PATCH This Month

UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Laravel Filemanager
NVD GitHub
CVSS 3.1
6.5
EPSS
4.1%
CVE-2022-40439 MEDIUM POC This Month

An memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40438 MEDIUM POC This Month

Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40365 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Gocron
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37724 MEDIUM POC PATCH This Month

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Webobjects
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38796 MEDIUM POC This Month

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Feehi Cms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36056 MEDIUM POC PATCH This Month

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Cosign
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-37139 MEDIUM POC This Month

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Loan Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37137 MEDIUM POC This Month

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Paymoney
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36668 MEDIUM POC This Month

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Garage Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-20231 MEDIUM This Month

In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-36114 MEDIUM PATCH This Month

Cargo is a package manager for the rust programming language. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

RCE Denial Of Service Cargo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35946 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35945 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-40626 MEDIUM PATCH This Month

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Zabbix XSS Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-36112 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glpi
NVD GitHub
CVSS 3.1
5.8
EPSS
0.5%
CVE-2022-40476 MEDIUM PATCH This Month

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0029 MEDIUM This Month

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Paloalto Cortex Xdr Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31187 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-31143 MEDIUM PATCH This Month

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-22520 MEDIUM This Month

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mbconnect24 Mymbconnect24 Myrex24 Myrex24 Virtual
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-1778 MEDIUM This Month

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microscada X Sys600
NVD
CVSS 3.1
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy