Skip to main content
CVE-2022-31898 MEDIUM POC THREAT This Month

gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gl Mt300N V2 Firmware Gl Ax1800 Firmware
NVD
CVSS 3.1
6.8
EPSS
15.9%
CVE-2022-42055 MEDIUM POC This Month

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goodcloud
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-39364 MEDIUM POC PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft Nextcloud Information Disclosure Nextcloud Enterprise Server Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-32407 MEDIUM POC This Month

Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via the First Name parameter under the Create A New Account module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Softr
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-0072 MEDIUM POC This Month

Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Openlitespeed
NVD GitHub
CVSS 3.1
5.8
EPSS
1.0%
CVE-2022-42993 MEDIUM POC This Month

Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Password Storage Application
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-42991 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Online Public Access Catalog
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-42992 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Train Scheduler App
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-42054 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Goodcloud
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24670 MEDIUM This Month

An attacker can use the unrestricted LDAP queries to determine configuration entries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Access Management
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-24669 MEDIUM This Month

It may be possible to gain some details of the deployment through a well-crafted attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Management
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-36182 MEDIUM This Month

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp XSS Boundary
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41702 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the InsertReg API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41701 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutShift API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41651 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-41555 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-40965 MEDIUM This Month

The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PostEnergyType API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
11.1%
CVE-2022-3716 MEDIUM This Month

A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Online Medicine Ordering System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-45475 MEDIUM This Month

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-3387 MEDIUM This Month

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP R Seenet
NVD
CVSS 3.1
5.3
EPSS
14.0%
CVE-2022-39329 MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Enterprise Server Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2508 MEDIUM This Month

In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-40184 MEDIUM PATCH This Month

Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Videojet Multi 4000 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2021-45476 MEDIUM This Month

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-40183 MEDIUM PATCH This Month

An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Videojet Multi 4000 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-39330 MEDIUM PATCH This Month

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nextcloud Denial Of Service Nextcloud Enterprise Server Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy