Skip to main content
CVE-2022-40879 MEDIUM POC This Month

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-40931 MEDIUM POC PATCH This Month

dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Transfer Sh
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-40363 MEDIUM POC This Month

A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Flipper Zero Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1725 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Vim macOS
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-35137 MEDIUM POC This Month

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dgiot
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40408 MEDIUM POC This Month

FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3355 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Inventree
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-1719 MEDIUM POC PATCH This Month

Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trudesk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3326 MEDIUM POC PATCH This Month

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Rdiffweb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-39254 MEDIUM PATCH This Month

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Matrix Nio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-35888 MEDIUM This Month

Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ampere Altra Max Firmware Ampere Altra Firmware Ampereone Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-39232 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-39226 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-36068 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy