Skip to main content
CVE-2022-42749 MEDIUM POC This Month

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42748 MEDIUM POC This Month

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42747 MEDIUM POC This Month

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42746 MEDIUM POC This Month

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42753 MEDIUM POC This Month

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Salonerp
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41710 MEDIUM POC This Month

Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Markdownify
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-40276 MEDIUM POC This Month

Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zettlr
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41435 MEDIUM POC PATCH This Month

OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Luci
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-42743 MEDIUM POC This Month

deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Deep Parse Json
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-41714 MEDIUM POC This Month

fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Fastest Json Copy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-41713 MEDIUM POC PATCH This Month

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Deep Object Diff
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-39276 MEDIUM POC This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43561 MEDIUM POC This Month

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-43372 MEDIUM POC This Month

Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /admin/store.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Emlog
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39277 MEDIUM POC This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-39262 MEDIUM POC This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-43451 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Openharmony
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-40235 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40230 MEDIUM PATCH This Month

"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-34339 MEDIUM PATCH This Month

"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cognos Analytics
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-22442 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39376 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2696 MEDIUM PATCH This Month

The Restaurant Menu - Food Ordering System - Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Restaurant Menu Food Ordering System Table Reservation
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-44628 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress 4Ecps Web Forms
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2022-38712 MEDIUM PATCH This Month

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass IBM Websphere Application Server
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-43449 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3675 MEDIUM This Month

Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fedora Coreos
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36404 MEDIUM This Month

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Simple Seo
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-44627 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Simple Seo
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-35642 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30615 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39375 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39372 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39371 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38710 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-44646 MEDIUM This Month

In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-44622 MEDIUM This Month

In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-36428 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Rock Convert
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39373 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-40131 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Page View Count
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-35279 MEDIUM PATCH This Month

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Business Automation Workflow
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-39370 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Glpi
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy