Skip to main content
CVE-2022-4252 MEDIUM POC This Month

A vulnerability was found in SourceCodester Canteen Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Canteen Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4250 MEDIUM POC This Month

A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4249 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Movie Ticket Booking System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4253 MEDIUM POC This Month

A vulnerability was found in SourceCodester Canteen Management System. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Canteen Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4251 MEDIUM POC This Month

A vulnerability was found in Movie Ticket Booking System and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Movie Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40849 MEDIUM POC PATCH This Month

ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Thinkcmf
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41971 MEDIUM This Month

Nextcould Talk android is a video and audio conferencing app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Google Nextcloud Talk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-23737 MEDIUM This Month

An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-43900 MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-41297 MEDIUM This Month

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Db2 On Cloud Pak For Data Db2 Warehouse On Cloud Pak For Data Db2U
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-45050 MEDIUM This Month

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Iguana
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-44212 MEDIUM This Month

In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Goodcloud
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-43901 MEDIUM PATCH This Month

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Websphere Automation For Ibm Cloud Pak For Watson Aiops
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-40204 MEDIUM This Month

A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dasdec Ii Firmware One Net Se Firmware Dasdec I Firmware One Net Firmware +1
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-41970 MEDIUM PATCH This Month

Nextcloud Server is an open source personal cloud server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-41968 MEDIUM PATCH This Month

Nextcloud Server is an open source personal cloud server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nextcloud Denial Of Service Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-3711 MEDIUM This Month

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos SQLi Xg Firewall Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy