Skip to main content
CVE-2022-45473 MEDIUM POC PATCH This Month

In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Drachtio Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43673 MEDIUM POC This Month

Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Wire
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-45163 MEDIUM POC This Month

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I Mx 6 Firmware I Mx 6Dual Firmware I Mx 6Duallite Firmware I Mx 6Dualplus Firmware +19
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2022-24038 MEDIUM This Month

Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Infraskope Siem
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41655 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Phone Orders For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-44641 MEDIUM This Month

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lava Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-24939 MEDIUM This Month

A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Gecko Software Development Kit Zigbee Emberznet
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-41615 MEDIUM This Month

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS Store Locator
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-40698 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Quiz And Survey Master
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38075 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress XSS Mantenimiento Web
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-41685 MEDIUM This Month

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <=. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Integration For Szamlazz Hu Woocommerce Package Points And Shipping Labels For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-41788 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Soledad
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40963 MEDIUM This Month

Multiple Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41839 MEDIUM This Month

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Loginpress
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-41618 MEDIUM This Month

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Media Library Assistant
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-41135 MEDIUM This Month

Unauth. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Customizable Wordpress Gallery Plugin Modula Image Gallery
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-44634 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure WordPress S2W Import Shopify To Woocommerce
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-45082 MEDIUM This Month

Multiple Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Accordions
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41643 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Accessibility
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-43463 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Custom Product Tabs For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-40216 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Better Messages
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-45369 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Privilege Escalation WordPress Plugin For Google Reviews
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41805 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooCommerce plugin <= 5.6.6 on WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Booster For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-38974 MEDIUM This Month

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wpml
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy