Skip to main content
CVE-2022-41681 HIGH PATCH This Week

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Formalms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41644 HIGH PATCH This Week

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-3441 MEDIUM POC This Month

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Rock Convert
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3420 MEDIUM POC This Month

The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Official Integration For Billingo
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3408 MEDIUM POC This Month

The WP Word Count WordPress plugin through 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Word Count
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3237 MEDIUM POC This Month

The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Contact Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-31690 HIGH PATCH This Week

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java Spring Security Active Iq Unified Manager
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-3059 HIGH This Week

The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schoolbox
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-39019 HIGH This Week

Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hubshare
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-39018 HIGH This Week

Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hubshare
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-41776 HIGH PATCH This Week

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-41688 HIGH PATCH This Week

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-39294 HIGH PATCH This Week

conduit-hyper integrates a conduit application with the hyper server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Conduit Hyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-2741 HIGH PATCH This Week

The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37620 HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Html Minifier Terser Html Minifier
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-40617 HIGH This Week

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Strongswan Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-40488 MEDIUM PATCH This Month

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Processwire
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42924 MEDIUM PATCH This Month

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Formalms
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-41680 MEDIUM PATCH This Month

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Formalms
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3499 MEDIUM This Month

An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nessus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-40742 MEDIUM This Month

Mail SQR Expert system has a Local File Inclusion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Mail Sqr Expert
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-39023 MEDIUM This Month

U-Office Force Download function has a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal U Office Force
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-39022 MEDIUM This Month

U-Office Force Download function has a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal U Office Force
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-40487 MEDIUM PATCH This Month

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Processwire
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40290 MEDIUM This Month

The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Php Point Of Sale
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-39020 MEDIUM This Month

Multiple instances of XSS (stored and reflected) was found in the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Schoolbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41679 MEDIUM PATCH This Month

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Formalms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39025 MEDIUM This Month

U-Office Force PrintMessage function has insufficient filtering for special characters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS U Office Force
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39024 MEDIUM This Month

U-Office Force Bulletin function has insufficient filtering for special characters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS U Office Force
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39021 MEDIUM This Month

U-Office Force login function has an Open Redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Open Redirect U Office Force
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39017 MEDIUM This Month

Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hubshare
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40739 MEDIUM This Month

Ragic report generation page has insufficient filtering for special characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ragic
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39027 MEDIUM This Month

U-Office Force Forum function has insufficient filtering for special characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS U Office Force
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39026 MEDIUM This Month

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS U Office Force
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40292 MEDIUM This Month

The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Php Point Of Sale
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-40295 MEDIUM This Month

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Php Point Of Sale
NVD
CVSS 3.1
4.9
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy