Skip to main content
CVE-2022-3247 MEDIUM POC This Month

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Blog2Social
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3097 MEDIUM POC This Month

The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Lbstopattack
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-32574 MEDIUM POC This Month

A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Iota All In One Security Kit Firmware
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-2762 MEDIUM POC This Month

The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Adminpad
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3644 MEDIUM POC PATCH This Month

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pulp Ansible Ansible Automation Platform Satellite Update Infrastructure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-39837 MEDIUM POC This Month

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Diagnostic Log And Trace
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-39836 MEDIUM POC This Month

An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Diagnostic Log And Trace
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35739 MEDIUM POC This Month

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Prtg Network Monitor
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-3392 MEDIUM POC This Month

The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Humans Txt
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3391 MEDIUM POC This Month

The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Retain Live Chat
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-3350 MEDIUM POC This Month

The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Bank
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-28170 MEDIUM This Month

Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36454 MEDIUM This Month

A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Micollab
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-33757 MEDIUM This Month

An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nessus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-38162 MEDIUM This Month

Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS F Secure Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-31468 MEDIUM This Month

OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27913 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38200 MEDIUM This Month

A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-38199 MEDIUM This Month

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-38198 MEDIUM PATCH This Month

There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38197 MEDIUM This Month

Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38195 MEDIUM This Month

There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-33181 MEDIUM This Month

An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33180 MEDIUM This Month

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3344 MEDIUM PATCH This Month

A flaw was found in the KVM's AMD nested virtualization (SVM). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39349 MEDIUM PATCH This Month

The Tasks.org Android app is an open-source app for to-do lists and reminders. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Tasks
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39350 MEDIUM PATCH This Month

@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dependency Track Frontend
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-36783 MEDIUM This Month

AlgoSec - FireFlow Reflected Cross-Site-Scripting (RXSS) A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fireflow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-34870 MEDIUM PATCH This Month

Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Geode
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-27912 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-39340 MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openfga
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-39315 MEDIUM PATCH This Month

Kirby is a Content Management System. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kirby
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-39351 MEDIUM This Month

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dependency Track
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-27622 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Synology Diskstation Manager
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy