Skip to main content
CVE-2022-28291 MEDIUM POC This Month

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nessus
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41471 MEDIUM POC This Month

74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 74Cmsse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-3082 MEDIUM POC This Month

The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Discord Integration
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-3149 MEDIUM POC This Month

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS WordPress Wp Custom Cursors
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-3206 MEDIUM POC This Month

The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Passster
NVD WPScan
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-41431 MEDIUM POC This Month

xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xzs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41139 MEDIUM POC This Month

MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Caldera
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41472 MEDIUM POC This Month

74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 74Cmsse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2834 MEDIUM POC This Month

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Path Traversal Helpful
NVD WPScan
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-3548 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3547 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3546 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Cold Storage Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3139 MEDIUM POC This Month

The We’re Open!. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress We Re Open
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2574 MEDIUM POC This Month

The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Meks Easy Social Share
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2563 MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Tutor Lms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3331 MEDIUM POC This Month

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-3282 MEDIUM POC This Month

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress File Upload Drag And Drop Multiple File Upload Contact Form 7
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3151 MEDIUM POC This Month

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Custom Cursors
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-3126 MEDIUM POC This Month

The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Frontend File Manager Plugin
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-3244 MEDIUM POC This Month

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Import All Pages Post Types Products Orders And Users As Xml Csv
NVD WPScan
CVSS 3.1
4.2
EPSS
0.4%
CVE-2022-3540 MEDIUM This Month

An issue has been discovered in hunter2 affecting all versions before 2.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hunter2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-3291 MEDIUM This Month

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Deserialization Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3279 MEDIUM This Month

An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3165 MEDIUM PATCH This Month

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-3067 MEDIUM This Month

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-2592 MEDIUM This Month

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-2455 MEDIUM This Month

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-3553 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in X.org Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service X Server
NVD VulDB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-3551 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in X.org Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure X Server Debian Linux Fedora
NVD VulDB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-39052 MEDIUM This Month

An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Otrs
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3567 MEDIUM PATCH This Month

A vulnerability has been found in Linux Kernel and classified as problematic. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Linux Race Condition Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2022-42147 MEDIUM This Month

kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40606 MEDIUM This Month

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Caldera
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40605 MEDIUM This Month

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Caldera
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-3563 MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in Linux Kernel. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Linux Denial Of Service Bluez
NVD VulDB
CVSS 3.1
5.7
EPSS
0.4%
CVE-2022-3533 MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
5.7
EPSS
0.4%
CVE-2022-41542 MEDIUM This Month

devhub 0.102.0 was discovered to contain a broken session control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devhub
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-3544 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3543 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in Linux Kernel.c of the component BPF. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3066 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3286 MEDIUM This Month

Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows a group member to bypass IP restrictions when using a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-26375 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ab Press Optimizer
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-2865 MEDIUM This Month

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-3351 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-3330 MEDIUM This Month

It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3325 MEDIUM This Month

Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-3293 MEDIUM This Month

Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3288 MEDIUM This Month

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-3030 MEDIUM This Month

An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-2908 MEDIUM This Month

A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy