Skip to main content
CVE-2022-3245 MEDIUM POC PATCH This Month

HTML injection attack is closely related to Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Code Injection Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3242 MEDIUM POC PATCH This Month

Code Injection in GitHub repository microweber/microweber prior to 1.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-32167 MEDIUM POC PATCH This Month

Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Privilege Escalation Cloudreve
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3005 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3004 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3000 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2924 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-35957 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Grafana Fedora
NVD GitHub
CVSS 3.1
6.6
EPSS
1.3%
CVE-2022-32880 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Information Disclosure macOS
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-33735 MEDIUM This Month

There is a password verification vulnerability in WS7200-10 11.0.2.13. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ws7200 10 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-39220 MEDIUM PATCH This Month

SFTPGo is an SFTP server written in Go. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sftpgo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34746 MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-32883 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-32864 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-32854 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-32861 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari macOS
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-38956 MEDIUM This Month

An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Information Disclosure Wpn824Ext Firmware
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-32868 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-32795 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy