Skip to main content
CVE-2022-45918 MEDIUM POC This Month

ILIAS before 7.16 allows External Control of File Name or Path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ilias
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-4341 MEDIUM POC This Month

A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Coder Chain Gdut
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-44153 MEDIUM POC This Month

Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rapid Scada
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45917 MEDIUM POC This Month

ILIAS before 7.16 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Ilias
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2022-44361 MEDIUM POC This Month

An issue was discovered in ZZCMS 2022. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zzcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-45217 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Book Store Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-45916 MEDIUM POC This Month

ILIAS before 7.16 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ilias
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-45008 MEDIUM POC This Month

Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Leave Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39044 MEDIUM PATCH This Month

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Command Injection HP Wcr 300 Firmware Whr Hp G300N Firmware Whr Hp Gn Firmware +51
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-23471 MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Containerd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-34840 MEDIUM PATCH This Month

Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Wzr 300Hp Firmware Wzr 450Hp Firmware Wzr 600Dhp Firmware Wzr 900Dhp Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-45113 MEDIUM This Month

Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Movable Type
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-3643 MEDIUM This Month

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Broadcom Cisco Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41735 MEDIUM PATCH This Month

IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45122 MEDIUM This Month

Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-43668 MEDIUM PATCH This Month

Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Typora
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-41783 MEDIUM This Month

tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure TP-Link Re3000 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42329 MEDIUM PATCH This Month

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42328 MEDIUM PATCH This Month

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-45910 MEDIUM This Month

Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Microsoft Code Injection LDAP Manifoldcf
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-42486 MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-41994 MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-37406 MEDIUM This Month

Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aficio Sp 4210N Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy