Skip to main content
CVE-2022-36063 CRITICAL POC PATCH Act Now

Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX-supported processors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Microsoft RCE Stack Overflow +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-42725 HIGH POC PATCH This Week

Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Warpinator
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-3154 HIGH POC This Week

The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Woo Billingo Plus Integration For Billingo Gravity Forms Integration For Szamlazz Hu Gravity Forms
NVD WPScan
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-3433 MEDIUM POC This Month

The aeson library is not safe to use to consume untrusted JSON input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aeson
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3208 MEDIUM POC This Month

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Simple File List
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42012 MEDIUM POC PATCH This Month

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Dbus Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-42011 MEDIUM POC PATCH This Month

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Dbus Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-42010 MEDIUM POC PATCH This Month

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Dbus Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3209 MEDIUM POC This Month

{id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Soledad
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3442 MEDIUM POC This Month

A vulnerability was found in Crealogix EBICS 7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ebics Server
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3438 MEDIUM POC PATCH This Month

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Rdiffweb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2891 MEDIUM POC This Month

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wp 2Fa
NVD WPScan
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-3137 MEDIUM POC This Month

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Taskbuilder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2350 MEDIUM POC This Month

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Disable User Login
NVD WPScan
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-41746 CRITICAL PATCH Act Now

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-2981 MEDIUM POC This Month

The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal PHP Download Monitor
NVD WPScan
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-2554 MEDIUM POC This Month

The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Enable Media Replace
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-3220 MEDIUM POC This Month

The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Advanced Comment Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3207 MEDIUM POC This Month

The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple File List
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3136 MEDIUM POC This Month

The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Social Rocket
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2823 MEDIUM POC This Month

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slider Gallery And Carousel
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2629 MEDIUM POC This Month

The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Top Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2448 MEDIUM POC This Month

The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Resmush It Image Optimizer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-20870 HIGH This Week

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2022-20837 HIGH This Week

A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2022-20920 HIGH This Week

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS Ios Xe
NVD
CVSS 3.1
7.7
EPSS
1.0%
CVE-2022-41749 HIGH PATCH This Week

An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41747 HIGH PATCH This Week

An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-39288 HIGH PATCH This Week

fastify is a fast and low overhead web framework, for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Fastify
NVD GitHub
CVSS 3.1
7.5
EPSS
59.2%
CVE-2022-34425 HIGH This Week

Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Enterprise Sonic Distribution
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-39292 HIGH PATCH This Week

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slack Morphism
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-20915 HIGH This Week

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2022-41745 HIGH PATCH This Week

An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could. Rated high severity (CVSS 7.0). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Trend Micro Privilege Escalation Buffer Overflow Apex One
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2022-41744 HIGH PATCH This Week

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working. Rated high severity (CVSS 7.0).

Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-20944 MEDIUM This Month

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Apple Cisco Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-41748 MEDIUM PATCH This Month

A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-34334 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Session Fixation IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-40257 MEDIUM This Month

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Vince
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40248 MEDIUM This Month

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Vince
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-20830 MEDIUM This Month

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-26121 MEDIUM This Month

An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-34402 MEDIUM PATCH This Month

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Dell Denial Of Service Wyse Thinos
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-20864 MEDIUM This Month

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe Rom Monitor
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-42724 MEDIUM PATCH This Month

app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy