Skip to main content
CVE-2022-40027 MEDIUM POC This Month

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Task Managing System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29799 MEDIUM POC THREAT This Month

A vulnerability was found in networkd-dispatcher. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Windows Defender For Endpoint
NVD
CVSS 3.1
5.5
EPSS
11.7%
CVE-2022-23951 MEDIUM POC PATCH This Month

In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Keylime
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41218 MEDIUM POC This Month

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-35090 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35089 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35088 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35087 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35086 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35085 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36365 MEDIUM POC This Month

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Crossword plugin <= 1.1.10 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wha Crossword
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2872 MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Octoprint
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35621 MEDIUM POC This Month

Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Evohclaimable
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-3251 MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Minarca
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3250 MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-40029 MEDIUM POC This Month

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Task Managing System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-40028 MEDIUM POC This Month

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Task Managing System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3255 MEDIUM POC PATCH This Month

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-29800 MEDIUM POC This Month

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Windows Defender For Endpoint
NVD
CVSS 3.1
4.7
EPSS
6.7%
CVE-2022-2888 MEDIUM POC PATCH This Month

If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Octoprint
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2022-3233 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rdiffweb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-41255 MEDIUM This Month

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Cons3Rt
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-41254 MEDIUM This Month

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Cons3Rt
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-41250 MEDIUM This Month

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Scm Httpclient
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41246 MEDIUM This Month

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Worksoft Execution Manager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40754 MEDIUM PATCH This Month

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Open Redirect Airflow
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-41231 MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Build Publisher
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2022-40219 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress CSRF Favicon Switcher
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-38073 MEDIUM PATCH This Month

Multiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Awesome Support
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36390 MEDIUM This Month

Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar - Calendar plugin <= 1.4.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Event Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36383 MEDIUM This Month

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wha Wordsearch
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41242 MEDIUM This Month

A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Extreme Feedback
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41240 MEDIUM This Month

Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Walti
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41239 MEDIUM This Month

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dotci
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41229 MEDIUM PATCH This Month

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41225 MEDIUM PATCH This Month

Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchore Container Image Scanner
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41224 MEDIUM PATCH This Month

Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-37246 MEDIUM PATCH This Month

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41248 MEDIUM This Month

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Bigpanda Notifier
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-41235 MEDIUM This Month

Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Wildfly Deployer
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2795 MEDIUM PATCH This Month

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-41252 MEDIUM This Month

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Cons3Rt
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41251 MEDIUM This Month

A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Apprenda
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41247 MEDIUM This Month

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Bigpanda Notifier
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-41233 MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41230 MEDIUM This Month

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Build Publisher
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy