Skip to main content
CVE-2022-4111 MEDIUM POC PATCH This Month

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tooljet
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-41940 MEDIUM POC PATCH This Month

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js Information Disclosure Engine Io
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-45536 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-45535 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-45529 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Aerocms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-41445 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teacher Record Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-42097 MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-42094 MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop
NVD GitHub
CVSS 3.1
4.8
EPSS
2.5%
CVE-2022-41223 MEDIUM KEV THREAT This Month

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Mivoice Connect
NVD
CVSS 3.1
6.8
EPSS
10.6%
CVE-2022-40765 MEDIUM KEV THREAT This Month

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Mivoice Connect
NVD
CVSS 3.1
6.8
EPSS
10.5%
CVE-2022-44737 MEDIUM This Month

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) - Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF All In One Wp Security Firewall
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-39067 MEDIUM This Month

There is a buffer overflow vulnerability in ZTE MF286R. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Denial Of Service Buffer Overflow Mf286R Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-38462 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-43708 MEDIUM PATCH This Month

MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-43707 MEDIUM PATCH This Month

MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39199 MEDIUM PATCH This Month

immudb is a database with built-in cryptographic proof and verification. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Immudb
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-2513 MEDIUM This Month

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass 650Connectivitypackage 670Connectivitypackage Gms600Connectivitypackage Pcm600 +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-40954 MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Apache Spark
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2022-40228 MEDIUM This Month

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Datapower Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-45363 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41952 MEDIUM PATCH This Month

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Synapse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-3500 MEDIUM PATCH This Month

A vulnerability was found in keylime. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Information Disclosure Keylime Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.1
EPSS
0.2%
CVE-2022-43709 MEDIUM PATCH This Month

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi Mybb
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-39397 MEDIUM PATCH This Month

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Aliyun Oss Client
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy