Skip to main content
CVE-2022-35039 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e20a0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35038 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b064d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35037 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6adb1e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35036 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e1fc8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35035 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b559f. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35034 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e7e3d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35032 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35031 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35030 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35029 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35028 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35027 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35026 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35025 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35024 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35023 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35022 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-35021 MEDIUM POC This Month

OTFCC commit 617837b was discovered to contain a global buffer overflow via /release-x64/otfccdump+0x718693. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Otfcc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-40088 MEDIUM POC This Month

Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple College Website
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23458 MEDIUM POC PATCH This Month

Toast UI Grid is a component to display and edit data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Toast Ui Grid
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-35894 MEDIUM POC This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-35896 MEDIUM POC This Month

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-40444 MEDIUM POC This Month

ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-40443 MEDIUM POC This Month

An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
5.3
EPSS
2.1%
CVE-2022-3267 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Rdiffweb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-38512 MEDIUM PATCH This Month

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-28979 MEDIUM PATCH This Month

Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-28977 MEDIUM PATCH This Month

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Digital Experience Platform Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-28980 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-28982 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-2266 MEDIUM This Month

University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-39197 MEDIUM KEV THREAT This Month

An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cobalt Strike
NVD
CVSS 3.1
6.1
EPSS
46.4%
CVE-2022-28978 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Dxp Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38648 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-38398 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-39975 MEDIUM PATCH This Month

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Dxp Liferay Portal
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy