Skip to main content
CVE-2022-3632 MEDIUM POC This Month

The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Oauth Client
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3538 MEDIUM POC This Month

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Webmaster Tools Verification
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-2449 MEDIUM POC This Month

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Resmush It Image Optimizer
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3578 MEDIUM POC This Month

The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilegrid
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-3484 MEDIUM POC This Month

The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-3415 MEDIUM POC This Month

The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Chat Bubble
NVD WPScan VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-0137 MEDIUM POC PATCH This Month

A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Htmldoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-37290 MEDIUM POC PATCH This Month

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Nautilus Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43342 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eramba
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3631 MEDIUM POC This Month

The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Oauth Client
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3539 MEDIUM POC This Month

The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Super Testimonials
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3469 MEDIUM POC This Month

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Attachments
NVD WPScan VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2450 MEDIUM POC This Month

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 lacks authorization in various AJAX actions, allowing any logged-in users, such as subscribers to call. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Resmush It Image Optimizer
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-40903 MEDIUM This Month

Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt Dmb N Firmware Gt Dmb Firmware Gt Dmb Lvn Firmware Gt Db Vn Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-43686 MEDIUM PATCH This Month

In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Concrete Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-39385 MEDIUM PATCH This Month

Discourse is the an open source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-44389 MEDIUM This Month

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit Admin Profile module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-33982 MEDIUM This Month

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-33907 MEDIUM This Month

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-32266 MEDIUM This Month

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-30773 MEDIUM This Month

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-43690 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Concrete Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2022-43968 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-43967 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-38167 MEDIUM This Month

The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Workflow
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-43694 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-43692 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-38705 MEDIUM PATCH This Month

IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-3992 MEDIUM This Month

A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sanitization Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3988 MEDIUM PATCH This Month

A vulnerability was found in Frappe. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frappe
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-43295 MEDIUM This Month

XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35719 MEDIUM PATCH This Month

IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq Internet Pass Thru
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-43687 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41913 MEDIUM PATCH This Month

Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Calendar
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44390 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-34317 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34315 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-43691 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concrete Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-43689 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Concrete Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-34316 MEDIUM PATCH This Month

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-34329 MEDIUM PATCH This Month

IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-43695 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-43688 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in icons since the Microsoft application tile color is not sanitized. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Concrete Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3903 MEDIUM This Month

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
4.6
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy