Skip to main content
CVE-2022-45475 MEDIUM POC This Month

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tiny File Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-41712 MEDIUM POC This Month

Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-39333 MEDIUM POC PATCH This Month

Nexcloud desktop is the Desktop sync client for Nextcloud. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud XSS Desktop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0698 MEDIUM POC This Month

Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-4091 MEDIUM POC This Month

A vulnerability was found in SourceCodester Canteen Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Canteen Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45205 MEDIUM POC This Month

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-39332 MEDIUM POC PATCH This Month

Nexcloud desktop is the Desktop sync client for Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Desktop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-39331 MEDIUM POC PATCH This Month

Nexcloud desktop is the Desktop sync client for Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Desktop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-45040 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-45038 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-45037 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-45036 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wbce Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39334 MEDIUM POC PATCH This Month

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Rated medium severity (CVSS 4.7). Public exploit code available.

Nextcloud Information Disclosure Desktop
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-45210 MEDIUM POC PATCH This Month

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-45208 MEDIUM POC PATCH This Month

Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-39346 MEDIUM PATCH This Month

Nextcloud server is an open source personal cloud server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Denial Of Service Nextcloud Enterprise Server Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-29833 MEDIUM This Month

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-29832 MEDIUM This Month

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gx Works3
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-45888 MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
6.4
EPSS
0.7%
CVE-2022-45225 MEDIUM This Month

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Book Store Management System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39325 MEDIUM PATCH This Month

BaserCMS is a content management system with a japanese language focus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45218 MEDIUM This Month

Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Human Resource Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41926 MEDIUM PATCH This Month

Nextcould talk android is the android OS implementation of the nextcloud talk chat system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Google Talk
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-39338 MEDIUM PATCH This Month

user_oidc is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Apple XSS Openid Connect User Backend
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-45887 MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel H410c Firmware +4
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-39339 MEDIUM PATCH This Month

user_oidc is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Openid Connect User Backend
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy