Skip to main content
CVE-2022-42087 MEDIUM POC This Month

Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ax1803 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42086 MEDIUM POC This Month

Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ax1803 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42078 MEDIUM POC This Month

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac1206 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42077 MEDIUM POC This Month

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac1206 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-40440 MEDIUM POC This Month

mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mxgraph
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-42715 MEDIUM POC This Month

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Redcap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2249 MEDIUM This Month

Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges.0.0.0 through 8.1.3.3 and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aura Communication Manager
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-41606 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Nomad
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-41351 MEDIUM This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41350 MEDIUM This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41349 MEDIUM This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41348 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-3464 MEDIUM This Month

A vulnerability classified as problematic has been found in puppyCMS up to 5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Puppycms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-33918 MEDIUM This Month

Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Geodrive
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-41316 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-2720 MEDIUM This Month

In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-32484 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +287
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-32483 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Alienware Area 51M R1 Firmware Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware +287
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy