Skip to main content
CVE-2022-0585 MEDIUM POC This Month

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2022-25323 MEDIUM POC This Month

ZEROF Web Server 2.0 allows /admin.back XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Web Server
NVD GitHub
CVSS 3.1
6.1
EPSS
3.2%
CVE-2022-25321 MEDIUM POC PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Cerebrate
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-25319 MEDIUM POC PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cerebrate
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-24370 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader 11.0.1.0719 macOS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Apple Information Disclosure Pdf Editor +1
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-24368 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Pdf Editor Pdf Reader
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-21800 MEDIUM This Month

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mimosa Management Platform C6X Firmware C5X Firmware C5C Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-0673 MEDIUM PATCH This Month

A flaw was found in LemMinX in versions prior to 0.19.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Lemminx
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-0451 MEDIUM PATCH This Month

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dart Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-25313 MEDIUM PATCH This Month

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libexpat Debian Linux Fedora Http Server +2
NVD GitHub
CVSS 3.1
6.5
EPSS
3.3%
CVE-2022-23647 MEDIUM PATCH This Month

Prism is a syntax highlighting library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prism
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-25317 MEDIUM PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Cerebrate
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23645 MEDIUM PATCH This Month

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Swtpm Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-24061 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Dicom Viewer Pro
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-24060 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Dicom Viewer Pro
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-24055 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Dicom Viewer Pro
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-0672 MEDIUM PATCH This Month

A flaw was found in LemMinX in versions prior to 0.19.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Lemminx
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25358 MEDIUM PATCH This Month

A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Awful Salmonella Tar
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-25336 MEDIUM PATCH This Month

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ez Platform Kernel
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-25320 MEDIUM PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cerebrate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-23981 MEDIUM This Month

The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Perfect Brands For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25318 MEDIUM PATCH This Month

An issue was discovered in Cerebrate through 1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Cerebrate
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy