Skip to main content
CVE-2022-24189 MEDIUM POC This Month

The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ourphoto
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-44937 MEDIUM POC This Month

Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bosscms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3511 MEDIUM POC This Month

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets archive to be downloaded belongs to the user making the request, allowing a low privileged user, such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Awesome Support
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-45214 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sanitization Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46147 MEDIUM POC PATCH This Month

Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xblock Drag And Drop V2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-3847 MEDIUM POC This Month

The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Showing Url In Qr Code
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-2311 MEDIUM POC This Month

The Find and Replace All WordPress plugin before 1.3 does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Find And Replace All
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4104 MEDIUM POC This Month

A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lepton
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43590 MEDIUM POC This Month

A null pointer dereference vulnerability exists in the handle_ioctl_0x830a0_systembuffer functionality of Callback technologies CBFS Filter 20.0.8317. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cbfs Filter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43589 MEDIUM POC This Month

A null pointer dereference vulnerability exists in the handle_ioctl_8314C functionality of Callback technologies CBFS Filter 20.0.8317. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cbfs Filter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43588 MEDIUM POC This Month

A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cbfs Filter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-44284 MEDIUM POC This Month

Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dag2000 16O Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3839 MEDIUM POC This Month

The Analytics for WP WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Analytics For Wp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3834 MEDIUM POC This Month

The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Google Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3833 MEDIUM POC This Month

The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fancier Author Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3831 MEDIUM POC This Month

The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Recaptcha
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3828 MEDIUM POC This Month

The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Thumbnails
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3824 MEDIUM POC This Month

The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Admin Ui Customize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3822 MEDIUM POC This Month

The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Donations Via Paypal
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3610 MEDIUM POC This Month

The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jeeng Push Notifications
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3601 MEDIUM POC This Month

The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Image Hover Effects Css3
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2983 MEDIUM POC This Month

The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Salat Times
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3850 MEDIUM POC This Month

The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Find And Replace All
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-4169 MEDIUM PATCH This Month

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Theme And Plugin Translation For Polylang
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-38753 MEDIUM This Month

This update resolves a multi-factor authentication bypass attack. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netiq Advanced Authentication
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2022-41965 MEDIUM PATCH This Month

Opencast is a free, open-source platform to support the management of educational audio and video content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Opencast
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-4129 MEDIUM This Month

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Layer 2 Tunneling Protocol Fedora
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-4128 MEDIUM PATCH This Month

A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-4127 MEDIUM PATCH This Month

A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41732 MEDIUM This Month

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Maximo Application Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-45224 MEDIUM This Month

Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Web Based Student Clearance System
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-45223 MEDIUM This Month

Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Web Based Student Clearance System
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-45221 MEDIUM This Month

Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Web Based Student Clearance System
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3823 MEDIUM This Month

The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Beautiful Cookie Consent Banner
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-41944 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-41921 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy