Skip to main content
CVE-2022-39367 MEDIUM POC PATCH This Month

QTIWorks is a software suite for standards-based assessment delivery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Qtiworks
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-43283 MEDIUM POC This Month

wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Wabt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43170 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43169 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43167 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43166 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43165 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-43164 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-3402 MEDIUM PATCH This Month

The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Log Http Requests
NVD VulDB
CVSS 3.1
6.1
EPSS
3.5%
CVE-2022-3228 MEDIUM This Month

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow H0 Ecom100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3400 MEDIUM This Month

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Bricks
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37424 MEDIUM This Month

Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Opennebula
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-26884 MEDIUM PATCH This Month

Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Dolphinscheduler
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-3018 MEDIUM This Month

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-2882 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy