Skip to main content
CVE-2022-44244 MEDIUM POC This Month

An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Lin Cms
NVD GitHub
CVSS 3.1
6.6
EPSS
1.0%
CVE-2022-29481 MEDIUM POC This Month

A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ir302 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-26023 MEDIUM POC This Month

A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ir302 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43321 MEDIUM POC This Month

Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Shopwind
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-43121 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-43120 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-43119 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clansphere
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-43118 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatcore Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-43320 MEDIUM POC This Month

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Feehicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-0031 MEDIUM This Month

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Privilege Escalation Cortex Xsoar
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-41122 MEDIUM This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-41097 MEDIUM This Month

Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-38015 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41978 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Privilege Escalation WordPress Zoho Crm Lead Magnet
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-44590 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Simple Video Embedder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-41086 MEDIUM This Month

Windows Group Policy Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Information Disclosure Microsoft Windows 10 Windows 11 +7
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2022-3486 MEDIUM This Month

An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-3280 MEDIUM This Month

An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31688 MEDIUM PATCH This Month

VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware XSS Workspace One Assist
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41104 MEDIUM This Month

Microsoft Excel Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Excel Office +1
NVD VulDB
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-41116 MEDIUM This Month

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft Denial Of Service Windows 7 Windows Server 2008
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-41090 MEDIUM This Month

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft Denial Of Service Windows 10 Windows 11 +7
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-44563 MEDIUM This Month

There is a race condition vulnerability in SD upgrade mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-41105 MEDIUM This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
5.5
EPSS
1.7%
CVE-2022-41060 MEDIUM This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +5
NVD VulDB
CVSS 3.1
5.5
EPSS
1.7%
CVE-2022-41103 MEDIUM This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +5
NVD VulDB
CVSS 3.1
5.5
EPSS
1.6%
CVE-2022-41064 MEDIUM PATCH This Month

.NET Framework Information Disclosure Vulnerability. Rated medium severity (CVSS 5.8).

Information Disclosure Net Framework Nuget
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-41098 MEDIUM PATCH This Month

Windows GDI+ Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-41055 MEDIUM This Month

Windows Human Interface Device Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2019 +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-23824 MEDIUM PATCH This Month

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +165
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-3483 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3265 MEDIUM This Month

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
86.3%
CVE-2022-41091 MEDIUM KEV PATCH THREAT This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2022-41049 MEDIUM KEV PATCH THREAT This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.4
EPSS
2.5%
CVE-2022-39307 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Grafana
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-2761 MEDIUM This Month

An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Atlassian
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-44560 MEDIUM This Month

The launcher module has an Intent redirection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-44553 MEDIUM This Month

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-41099 MEDIUM This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 Windows 11
NVD
CVSS 3.1
4.6
EPSS
3.6%
CVE-2022-41066 MEDIUM This Month

Microsoft Business Central Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Dynamics 365 Business Central 2019 Dynamics 365 Business Central 2021 Dynamics 365 Business Central 2022 +1
NVD
CVSS 3.1
4.4
EPSS
1.1%
CVE-2022-44548 MEDIUM This Month

There is a vulnerability in permission verification during the Bluetooth pairing process. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-29836 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal My Cloud Home Firmware My Cloud Home Duo Firmware Sandisk Ibi Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-3447 MEDIUM This Month

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-43488 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to rule type migration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Advanced Dynamic Pricing For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy