Skip to main content
CVE-2022-3433 MEDIUM POC This Month

The aeson library is not safe to use to consume untrusted JSON input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aeson
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3208 MEDIUM POC This Month

The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Simple File List
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42012 MEDIUM POC PATCH This Month

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Dbus Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-42011 MEDIUM POC PATCH This Month

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Dbus Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-42010 MEDIUM POC PATCH This Month

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Dbus Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-3209 MEDIUM POC This Month

{id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Soledad
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3442 MEDIUM POC This Month

A vulnerability was found in Crealogix EBICS 7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ebics Server
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3438 MEDIUM POC PATCH This Month

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Rdiffweb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2891 MEDIUM POC This Month

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wp 2Fa
NVD WPScan
CVSS 3.1
5.9
EPSS
0.7%
CVE-2022-3137 MEDIUM POC This Month

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Taskbuilder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2350 MEDIUM POC This Month

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Disable User Login
NVD WPScan
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-2981 MEDIUM POC This Month

The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal PHP Download Monitor
NVD WPScan
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-2554 MEDIUM POC This Month

The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Enable Media Replace
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-3220 MEDIUM POC This Month

The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Advanced Comment Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3207 MEDIUM POC This Month

The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple File List
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3136 MEDIUM POC This Month

The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Social Rocket
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2823 MEDIUM POC This Month

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slider Gallery And Carousel
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2629 MEDIUM POC This Month

The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape some of its settings before outputting them in frontend pages, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Top Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2448 MEDIUM POC This Month

The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Resmush It Image Optimizer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-20944 MEDIUM This Month

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Apple Cisco Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-41748 MEDIUM PATCH This Month

A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Trend Micro Privilege Escalation Apex One
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-34334 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 2.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Session Fixation IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-40257 MEDIUM This Month

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Vince
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40248 MEDIUM This Month

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Vince
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-20830 MEDIUM This Month

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-26121 MEDIUM This Month

An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-34402 MEDIUM PATCH This Month

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Dell Denial Of Service Wyse Thinos
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-20864 MEDIUM This Month

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe Rom Monitor
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-42724 MEDIUM PATCH This Month

app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

PHP Authentication Bypass Misp
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy