Skip to main content
CVE-2022-39069 MEDIUM This Month

There is a SQL injection vulnerability in ZTE ZAIP-AIE. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zte Zaip Aie
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-41212 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Netweaver Application Server Abap
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-41980 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Mantenimiento Web
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-32776 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Advanced Ads Ad Manager Adsense
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-30545 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS 5 Anker Connect
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41433 MEDIUM This Month

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Web Interface
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41432 MEDIUM This Month

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Web Interface
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41215 MEDIUM This Month

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-20465 MEDIUM This Month

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Google Privilege Escalation Android
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2022-43491 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Advanced Dynamic Pricing For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-43481 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons for WooCommerce Coupons plugin <= 4.5 on WordPress leading to notice dismissal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Advanced Coupons
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-40223 MEDIUM This Month

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Searchwp
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-40206 MEDIUM This Month

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpforo Forum
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-40205 MEDIUM This Month

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpforo Forum
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-32587 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wp Page Widget
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-27855 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Analytics Cat
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy