Skip to main content
CVE-2022-35136 MEDIUM POC This Month

Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iot Platform
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41474 MEDIUM POC This Month

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Rpcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3473 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-3470 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Management System. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39295 MEDIUM POC This Month

Knowage is an open source suite for modern business analytics alternative over big data systems. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Knowage
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41473 MEDIUM POC This Month

RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-38902 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-35081 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35080 MEDIUM POC This Month

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35612 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mqttroute
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35134 MEDIUM POC This Month

Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Iot Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34021 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Iot Platform And Lorawan Network Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3472 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Management System. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-3471 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Management System. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-35611 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mqttroute
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-42159 MEDIUM POC This Month

D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Covr 1203 Firmware Covr 1202 Firmware Covr 1200 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-2828 MEDIUM This Month

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Octopus Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-3493 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Human Resource Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-39229 MEDIUM PATCH This Month

Grafana is an open source data visualization platform for metrics, logs, and traces. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Grafana
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy