Skip to main content
CVE-2022-46402 MEDIUM POC This Month

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-4613 MEDIUM POC This Month

A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Passwordstate
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-4612 MEDIUM POC This Month

A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Passwordstate
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-4107 MEDIUM POC This Month

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Smsa Shipping For Woocommerce
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-4024 MEDIUM POC This Month

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Pie Register
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3961 MEDIUM POC This Month

The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Directorist
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3876 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Passwordstate
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-47549 MEDIUM POC This Month

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Op Tee
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-4615 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-4610 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Passwordstate
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46401 MEDIUM POC This Month

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +8
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-46400 MEDIUM POC This Month

The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bm78 Firmware Bm83 Firmware Rn4870 Firmware Rn4871 Firmware +5
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4614 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Znote
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31683 MEDIUM POC PATCH This Month

Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Concourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4058 MEDIUM POC This Month

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-3987 MEDIUM POC This Month

The Responsive Lightbox2 WordPress plugin before 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Lightbox2
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3986 MEDIUM POC This Month

The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Stripe Checkout
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3985 MEDIUM POC This Month

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Videojs Html5 Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3984 MEDIUM POC This Month

The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Flowplayer Video Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3983 MEDIUM POC This Month

The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Checkout For Paypal
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3937 MEDIUM POC This Month

The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Video Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4609 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Memos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3877 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Passwordstate
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-4611 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Passwordstate
NVD VulDB
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-47547 MEDIUM POC This Month

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gossipsub
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-40435 MEDIUM POC This Month

Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via adding new entries under the Departments and Designations module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Employee Performance Evaluation System
NVD VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-4108 MEDIUM POC This Month

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input used to generate system path, allowing high privilege users such as admin to download arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wholesale Market For Woocommerce
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-4112 MEDIUM POC This Month

The Quizlord WordPress plugin through 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quizlord
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-3832 MEDIUM POC This Month

The External Media WordPress plugin before 1.0.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS External Media
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-4125 MEDIUM POC This Month

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Popup Manager
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-4124 MEDIUM POC This Month

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Popup Manager
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-40607 MEDIUM This Month

IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Spectrum Scale
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2022-43486 MEDIUM This Month

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Wsr 3200Ax4S Firmware Wsr 3200Ax4B Firmware Wsr 2533Dhp2 Firmware +10
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-43466 MEDIUM This Month

OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wsr 3200Ax4S Firmware Wsr 3200Ax4B Firmware Wsr 2533Dhp2 Firmware Wsr A2533Dhp2 Firmware +6
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2022-23536 MEDIUM PATCH This Month

Cortex provides multi-tenant, long term storage for Prometheus. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cortex
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-42453 MEDIUM This Month

There are insufficient warnings when a Fixlet is imported by a user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Bigfix Platform
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-39160 MEDIUM PATCH This Month

IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cognos Analytics
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40743 MEDIUM This Month

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.0.0 to 9.1.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Traffic Server
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-47500 MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.8.0 to 1.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Open Redirect Helix
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-38662 MEDIUM This Month

In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Hcl Digital Experience
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46288 MEDIUM This Month

Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Electronic Bidding Core System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-46287 MEDIUM This Month

Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Electronic Bidding Core System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41993 MEDIUM This Month

Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Electronic Bidding Core System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-47512 MEDIUM This Month

Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-23543 MEDIUM This Month

Silverware Games is a social network where people can play games online. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Silverwaregames
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-44488 MEDIUM This Month

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-44474 MEDIUM This Month

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-44471 MEDIUM This Month

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-44470 MEDIUM This Month

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-44467 MEDIUM This Month

Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy