Skip to main content
CVE-2022-4172 MEDIUM POC PATCH This Month

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-3991 MEDIUM POC This Month

The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Photospace Gallery
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-44279 MEDIUM POC This Month

Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Garage Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-44355 MEDIUM POC This Month

SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Solarview Compact Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-36433 MEDIUM POC This Month

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Adobe XSS Amasty Blog Pro
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-45204 MEDIUM POC This Month

GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3361 MEDIUM POC PATCH This Month

The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress PHP Path Traversal RCE Ultimate Member
NVD VulDB GitHub
CVSS 3.1
4.3
EPSS
5.9%
CVE-2022-42100 MEDIUM POC This Month

KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Klik
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-42099 MEDIUM POC This Month

KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Klik
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36137 MEDIUM POC This Month

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-36136 MEDIUM POC This Month

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4034 MEDIUM PATCH This Month

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required.

RCE WordPress Appointment Hour Booking
NVD VulDB
CVSS 3.1
5.8
EPSS
4.2%
CVE-2022-3896 MEDIUM This Month

The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER["REQUEST_URI"] in versions up to, and including, 6.3.9 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Affiliate Platform
NVD
CVSS 3.1
6.1
EPSS
2.7%
CVE-2022-4144 MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Qemu Extra Packages For Enterprise Linux +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-32966 MEDIUM This Month

RTL8168FP-CG Dash remote management function has missing authorization. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rtl8111Fp Cg Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4028 MEDIUM PATCH This Month

The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during the profile-save action when modifying a profile signature in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simple
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-46155 MEDIUM PATCH This Month

Airtable.js is the JavaScript client for Airtable. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Node.js Information Disclosure Airtable
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2022-3897 MEDIUM This Month

The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 6.3.9 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Affiliate Platform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46148 MEDIUM This Month

Discourse is an open-source messaging platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41676 MEDIUM This Month

Raiden MAILD Mail Server website mail field has insufficient filtering for user input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Raidenmaild
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4033 MEDIUM PATCH This Month

The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'question[id]' parameter in versions up to, and including, 8.0.4 due to insufficient input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Quiz And Survey Master
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-4029 MEDIUM PATCH This Month

The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforum_[md5 hash of the WordPress URL]' cookie value in versions up to, and including, 6.8 due to. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simple
NVD VulDB
CVSS 3.1
4.7
EPSS
3.2%
CVE-2022-4036 MEDIUM PATCH This Month

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Appointment Hour Booking
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-3995 MEDIUM PATCH This Month

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Terawallet
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-46150 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-45307 MEDIUM This Month

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Chocolatey Php
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45306 MEDIUM This Month

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Chocolatey Azure Pipelines Agent
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45305 MEDIUM This Month

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Chocolatey Python3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45304 MEDIUM This Month

Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Chocolatey Cmder
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45301 MEDIUM This Month

Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Chocolatey Ruby
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy