Skip to main content
CVE-2022-3548 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3547 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3546 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3139 MEDIUM POC This Month

The We’re Open!. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress We Re Open
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2574 MEDIUM POC This Month

The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Meks Easy Social Share
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2563 MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tutor Lms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3331 MEDIUM POC This Month

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-3282 MEDIUM POC This Month

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress File Upload Drag And Drop Multiple File Upload Contact Form 7
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3151 MEDIUM POC This Month

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Custom Cursors
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-3126 MEDIUM POC This Month

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Frontend File Manager Plugin
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-3244 MEDIUM POC This Month

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Import All Pages Post Types Products Orders And Users As Xml Csv
NVD WPScan
CVSS 3.1
4.2
EPSS
0.4%
CVE-2022-2527 HIGH This Week

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2022-3534 HIGH PATCH This Week

A vulnerability classified as critical has been found in Linux Kernel. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel
NVD VulDB
CVSS 3.1
8.0
EPSS
0.5%
CVE-2022-3565 HIGH PATCH This Week

A vulnerability, which was classified as critical, has been found in Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3545 HIGH PATCH This Week

A vulnerability has been found in Linux Kernel and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel H410c Firmware +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3541 HIGH PATCH This Week

A vulnerability classified as critical has been found in Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3517 HIGH PATCH This Week

A vulnerability was found in the minimatch package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Minimatch Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-3382 HIGH This Week

HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Robot System Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3559 HIGH PATCH This Week

A vulnerability was found in Exim and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Exim Fedora
NVD VulDB
CVSS 3.1
7.5
EPSS
3.7%
CVE-2022-3031 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-2931 HIGH This Week

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-3501 HIGH This Week

Article template contents with sensitive data could be accessed from agents without permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-3281 HIGH This Week

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 750 8100 Firmware 750 8101 Firmware 750 8101 000 010 Firmware 750 8101 025 000 Firmware +74
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-42975 HIGH PATCH This Week

socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass CSRF Phoenix
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-2533 HIGH This Week

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2022-3421 HIGH This Week

An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Google Apple Privilege Escalation Drive
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2022-3060 HIGH This Week

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2022-2428 HIGH This Week

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2022-3566 HIGH PATCH This Week

A vulnerability, which was classified as problematic, was found in Linux Kernel. Rated high severity (CVSS 7.1).

Linux Race Condition Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-3564 HIGH PATCH This Week

A vulnerability classified as critical was found in Linux Kernel. Rated high severity (CVSS 7.1). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux +4
NVD VulDB
CVSS 3.1
7.1
EPSS
1.3%
CVE-2022-3540 MEDIUM This Month

An issue has been discovered in hunter2 affecting all versions before 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hunter2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-3291 MEDIUM This Month

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Deserialization Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3279 MEDIUM This Month

An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3165 MEDIUM PATCH This Month

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-3067 MEDIUM This Month

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-2592 MEDIUM This Month

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-2455 MEDIUM This Month

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-3553 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in X.org Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service X Server
NVD VulDB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-3551 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in X.org Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure X Server Debian Linux Fedora
NVD VulDB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-39052 MEDIUM This Month

An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Otrs
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3567 MEDIUM PATCH This Month

A vulnerability has been found in Linux Kernel and classified as problematic. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Linux Race Condition Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2022-42147 MEDIUM This Month

kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40606 MEDIUM This Month

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Caldera
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40605 MEDIUM This Month

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Caldera
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-3563 MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in Linux Kernel. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Linux Denial Of Service Bluez
NVD VulDB
CVSS 3.1
5.7
EPSS
0.4%
CVE-2022-3533 MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
5.7
EPSS
0.4%
CVE-2022-41542 MEDIUM This Month

devhub 0.102.0 was discovered to contain a broken session control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devhub
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-3544 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3543 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in Linux Kernel.c of the component BPF. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3066 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.5%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy