Skip to main content
CVE-2022-36533 MEDIUM POC THREAT This Month

Super Flexible Software GmbH & Co. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.6%.

XSS Syncovery
NVD VulDB
CVSS 3.1
5.4
EPSS
42.6%
CVE-2022-34002 MEDIUM POC This Month

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Pds Vista 7
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-37775 MEDIUM POC This Month

Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26- September- 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pureconnect
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-38845 MEDIUM POC This Month

Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3223 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2669 MEDIUM POC This Month

The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Taxonomy Import
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2655 MEDIUM POC This Month

The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Classified Listing
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2654 MEDIUM POC This Month

The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Classified Listing Classified Listing Store Membership Classima +1
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38846 MEDIUM POC This Month

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Espocrm
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-3225 MEDIUM POC PATCH This Month

Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Budibase
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2022-40755 MEDIUM POC This Month

JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35194 MEDIUM POC This Month

TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Testlink
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37248 MEDIUM POC PATCH This Month

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37250 MEDIUM POC PATCH This Month

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37709 MEDIUM POC This Month

Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Model 3 Firmware Tesla
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2877 MEDIUM POC This Month

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Titan Anti Spam Security
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2863 MEDIUM POC THREAT This Month

The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Migration Backup Staging
NVD WPScan
CVSS 3.1
4.9
EPSS
18.1%
CVE-2022-2887 MEDIUM POC This Month

The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Server Health Stats
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2799 MEDIUM POC This Month

The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Affiliates Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2737 MEDIUM POC This Month

The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Staging
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2635 MEDIUM POC This Month

The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Autoptimize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2575 MEDIUM POC This Month

The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wbw Currency Switcher For Woocommerce
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2351 MEDIUM POC This Month

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Post Smtp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2913 MEDIUM POC This Month

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Login No Captcha Recaptcha
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-2912 MEDIUM POC This Month

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Craw Data
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25654 MEDIUM PATCH This Month

Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Qualcomm Buffer Overflow Apq8096Au Firmware Mdm9650 Firmware +19
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-39006 MEDIUM This Month

The MPTCP module has the race condition vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos Magic Ui
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-38428 MEDIUM This Month

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Adobe Use After Free Photoshop
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-38407 MEDIUM This Month

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-38406 MEDIUM This Month

Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Incopy
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-30676 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-30675 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-30674 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-30673 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-30672 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-30671 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-28857 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-28856 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-28855 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-28854 MEDIUM This Month

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-38410 MEDIUM This Month

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-38409 MEDIUM This Month

Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-36402 MEDIUM This Month

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-25653 MEDIUM This Month

Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Buffer Overflow Apq8053 Firmware Aqt1000 Firmware +88
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-37251 MEDIUM PATCH This Month

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-37247 MEDIUM PATCH This Month

Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35664 MEDIUM This Month

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34218 MEDIUM This Month

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30686 MEDIUM This Month

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30685 MEDIUM This Month

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy