Skip to main content
CVE-2022-36221 MEDIUM POC This Month

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nokia Fastmile Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-40841 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloads injected into the "htmlNodes". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ndkadvancedcustomizationfields
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-46096 MEDIUM POC This Month

A Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 allows attackers to execute arbitrary code via the txtfullname parameter or txtphone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Covid 19 Directory On Vaccination System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-46095 MEDIUM POC This Month

Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via verification.php because the program does not verify the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Covid 19 Directory On Vaccination System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4617 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-4640 MEDIUM POC This Month

A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mcms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-25929 MEDIUM POC PATCH This Month

The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Smoothie Charts
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-4630 MEDIUM POC PATCH This Month

Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Daloradius
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-46662 MEDIUM This Month

Roxio Creator LJB starts another program with an unquoted file path. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Roxio Creator Ljb
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-44756 MEDIUM This Month

Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bigfix Insights For Vulnerability Remediation
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-4638 MEDIUM PATCH This Month

A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Collective Contact Widget
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4637 MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in ep3-bs up to 1.7.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ep 3 Bookingsystem
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4632 MEDIUM PATCH This Month

A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Auto Upload Images
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4631 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in WP-Ban. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Wp Ban
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38655 MEDIUM This Month

BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bigfix Webui
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2022-4641 MEDIUM PATCH This Month

A vulnerability was found in pig-vector and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Java Apache Information Disclosure Pig Vector
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-4642 MEDIUM PATCH This Month

A vulnerability was found in tatoeba2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Tatoeba2
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-43543 MEDIUM This Month

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Message
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3189 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF PHP Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3188 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

PHP Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3187 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-3185 MEDIUM PATCH This Month

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4Sa N20 Firmware +8
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-23551 MEDIUM PATCH This Month

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Microsoft Kubernetes Azure Ad Pod Identity
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-42454 MEDIUM This Month

Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Bigfix Insights For Vulnerability Remediation
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-44449 MEDIUM This Month

Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zenphoto
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy