Skip to main content
CVE-2022-43096 MEDIUM POC This Month

Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediatrix 4102S Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-43192 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Dedecms
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-43171 MEDIUM POC PATCH This Month

A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Lief
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-39389 MEDIUM POC PATCH This Month

Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Btcd Lightning Network Daemon
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-43142 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Password Storage Application
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-42187 MEDIUM POC This Month

Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hustoj
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-36432 MEDIUM POC This Month

The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Adobe XSS Blog Pro
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4053 MEDIUM POC This Month

A vulnerability was found in Student Attendance Management System. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Attendance Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41791 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress Profilegrid
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-20460 MEDIUM This Month

In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20459 MEDIUM This Month

In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20428 MEDIUM This Month

In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20427 MEDIUM This Month

In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-43332 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-41132 MEDIUM This Month

Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ezoic
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-39181 MEDIUM This Month

GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Reports
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-36357 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ultimate Tables
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45375 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ifeature Slider
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38390 MEDIUM PATCH This Month

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-42954 MEDIUM This Month

Keyfactor EJBCA before 7.10.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kefactor Ejbca
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-39834 MEDIUM This Month

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Primekey Ejbca
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-42960 MEDIUM This Month

EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Equalweb Accessibility Widget
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39178 MEDIUM This Month

Webvendome - webvendome Internal Server IP Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webvendome
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-3090 MEDIUM This Month

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Crimson
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-42892 MEDIUM This Month

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-40751 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Urbancode Deploy
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-44736 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Chameleon
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-44591 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Anthologize
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41315 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ezoic
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-40694 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS News Announcement Scroll
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-42985 MEDIUM PATCH This Month

The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Scratch Login
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-45072 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wpml
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-38461 MEDIUM This Month

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wpml
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy