Skip to main content
CVE-2022-35070 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x65fc97. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35069 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35068 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35067 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35066 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35065 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35064 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35063 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35062 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35061 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35060 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-38527 MEDIUM POC This Month

UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2753 MEDIUM POC THREAT This Month

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Ketchup Restaurant Reservations
NVD WPScan
CVSS 3.1
6.1
EPSS
83.4%
CVE-2022-38550 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jeesns
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3036 MEDIUM POC This Month

The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Gettext Override Translations
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3021 MEDIUM POC This Month

The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slickr Flickr
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2710 MEDIUM POC This Month

The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Scroll To Top
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2709 MEDIUM POC This Month

The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Float To Top Button
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2567 MEDIUM POC This Month

The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Form Builder Cp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-28201 MEDIUM POC PATCH This Month

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-1591 MEDIUM POC This Month

The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wordpress Ping Optimizer
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-1580 MEDIUM POC This Month

The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Site Offline
NVD WPScan
CVSS 3.1
4.3
EPSS
1.3%
CVE-2022-40715 MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-40713 MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-38339 MEDIUM This Month

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fme Server
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-40714 MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40712 MEDIUM This Month

An issue was discovered in NOKIA 1350OMS R14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40234 MEDIUM This Month

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Spectrum Protect Plus
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-40140 MEDIUM PATCH This Month

An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-3213 MEDIUM PATCH This Month

A heap buffer overflow issue was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Imagemagick Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-37348 MEDIUM PATCH This Month

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Buffer Overflow Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-37347 MEDIUM PATCH This Month

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Buffer Overflow Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-38425 MEDIUM PATCH This Month

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Denial Of Service Adobe Use After Free Bridge
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35709 MEDIUM PATCH This Month

Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Denial Of Service Adobe Use After Free Bridge
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-40778 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metadefender
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29835 MEDIUM This Month

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Wd Discovery
NVD
CVSS 3.1
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy