Skip to main content
CVE-2022-43351 MEDIUM POC This Month

Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Sanitization Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-44793 MEDIUM POC THREAT This Month

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux H300s Firmware +3
NVD GitHub
CVSS 3.1
6.5
EPSS
53.5%
CVE-2022-44792 MEDIUM POC THREAT This Month

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux H300s Firmware +3
NVD GitHub
CVSS 3.1
6.5
EPSS
52.1%
CVE-2022-43317 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Human Resource Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3873 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio prior to 20.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3489 MEDIUM POC This Month

The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Wp Hide
NVD WPScan VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-43046 MEDIUM POC This Month

Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Food Ordering Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3462 MEDIUM POC This Month

The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Highlight Focus
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3451 MEDIUM POC This Month

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Product Stock Manager
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-2387 MEDIUM POC This Month

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Easy Digital Downloads
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-38164 MEDIUM This Month

A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Google Safe
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-44795 MEDIUM This Month

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ootbi
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-44746 MEDIUM This Month

Sensitive information disclosure due to insecure folder permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect Home Office
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-44745 MEDIUM This Month

Sensitive information leak through log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Cyber Protect Home Office
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-2188 MEDIUM This Month

Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Data Exchange Layer
NVD
CVSS 3.1
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy