Skip to main content
CVE-2022-42197 MEDIUM POC This Month

In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Simple Exam Reviewer Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-26954 MEDIUM POC This Month

Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Nopcommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-33231 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Service Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-42200 MEDIUM POC This Month

Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Exam Reviewer Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41358 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Garage Management System
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2022-40084 MEDIUM POC PATCH This Month

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opencrx
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-3619 MEDIUM POC This Month

A vulnerability has been found in Linux Kernel and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel
NVD VulDB
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-3621 MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-36966 MEDIUM This Month

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Orion Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy