Skip to main content
CVE-2022-29511 MEDIUM POC This Month

A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lansweeper
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-4520 MEDIUM POC PATCH This Month

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Carbon Registry
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-44235 MEDIUM POC This Month

Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Voip Simplicity Asg
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-23474 MEDIUM POC PATCH This Month

Editor.js is a block-style editor with clean JSON output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Editor Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-32763 MEDIUM POC This Month

A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-4503 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-4502 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2536 MEDIUM POC This Month

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass Transposh Wordpress Translation
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-45033 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expense Tracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40373 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40002 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40001 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40000 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Feehicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-28703 MEDIUM POC This Month

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-4505 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-46698 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Icloud Safari +5
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-46695 MEDIUM This Month

A spoofing issue existed in the handling of URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-42852 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-23507 MEDIUM PATCH This Month

Tendermint is a high-performance blockchain consensus engine for Byzantine fault tolerant applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Tendermint Light Client Js Tendermint Light Client Verifier Tendermint Light Client
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-27498 MEDIUM This Month

A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Lansweeper
NVD
CVSS 3.1
6.5
EPSS
38.3%
CVE-2022-4527 MEDIUM PATCH This Month

A vulnerability was found in collective.task up to 3.0.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collective Task
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4526 MEDIUM PATCH This Month

A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python XSS Django Photologue
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4525 MEDIUM PATCH This Month

A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sleepdata
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4524 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Soil
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-4523 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in vexim2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Virtual Exim 2
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4522 MEDIUM PATCH This Month

A vulnerability classified as problematic was found in CalendarXP up to 10.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Calendarxp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4521 MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in WSO2 carbon-registry up to 4.8.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Carbon Registry
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-4514 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Oc Server3
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-4513 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in European Environment Agency eionet.contreg. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Eionet Content Registry
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32531 MEDIUM PATCH This Month

The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Apache Information Disclosure Bookkeeper
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-46768 MEDIUM PATCH This Month

Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zabbix Information Disclosure Web Service Report Generation Zabbix Agent2
NVD
CVSS 3.1
5.9
EPSS
47.8%
CVE-2022-4519 MEDIUM This Month

The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp User
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-46702 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46692 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Microsoft Authentication Bypass Icloud Safari +5
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42866 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42865 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42862 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42859 MEDIUM This Month

Multiple issues were addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42854 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42853 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42851 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Ipados Iphone Os +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42846 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42843 MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-42821 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
3.9%
CVE-2022-32916 MEDIUM This Month

An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Iphone Os
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46392 MEDIUM This Month

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mbed Tls Fedora
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-32943 MEDIUM This Month

The issue was addressed with improved bounds checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Ipados Iphone Os +1
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-32833 MEDIUM This Month

An issue existed with the file paths used to store website data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Iphone Os macOS
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-32945 MEDIUM This Month

An access issue was addressed with additional sandbox restrictions on third-party apps. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy