Skip to main content
CVE-2022-4211 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'emailf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-4210 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-4214 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-4212 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-4209 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pointsf' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-2807 CRITICAL Act Now

SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.1.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Prens Student Information System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2022-2641 CRITICAL PATCH Act Now

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Rcc972 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-46145 CRITICAL Act Now

authentik is an open-source identity provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-44363 CRITICAL Act Now

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Tenda Buffer Overflow I21 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-45482 CRITICAL Act Now

Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Lazy Mouse
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-46366 CRITICAL PATCH Act Now

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Deserialization Tapestry
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-4217 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-4216 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook_appid' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-44946 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44944 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44957 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44947 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-44951 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44950 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44949 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44952 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44948 MEDIUM POC This Month

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rukovoditel
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-44959 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44956 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44954 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44953 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44962 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44961 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44960 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44955 MEDIUM POC This Month

webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webtareas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4218 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-4220 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-4219 MEDIUM POC PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Chained Quiz
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-4271 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2808 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.1.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Prens Student Information System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-4262 HIGH POC KEV PATCH THREAT This Week

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
16.1%
CVE-2022-46167 HIGH PATCH This Week

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Kubernetes Capsule
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-23465 HIGH PATCH This Week

SwiftTerm is a Xterm/VT100 Terminal emulator. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Swiftterm
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3591 HIGH PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0789. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3086 HIGH This Week

Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Uc 8580 T Lx Firmware Uc 8580 T Ct Lx Firmware Uc 8580 T Q Lx Firmware +47
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2022-2642 HIGH PATCH This Week

Horner Automation’s RCC 972 firmware version 15.40 contains global variables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rcc972 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-2640 HIGH PATCH This Week

The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rcc972 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-4213 MEDIUM PATCH This Month

The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.2 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Chained Quiz
NVD VulDB
CVSS 3.1
6.1
EPSS
3.8%
CVE-2022-45483 MEDIUM This Month

Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Lazy Mouse
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-45480 MEDIUM This Month

PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Pc Keyboard Wifi Bluetooth
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2022-45215 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Book Store Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-46159 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-4270 LOW Monitor

Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation M Files Server
NVD
CVSS 3.1
2.6
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy