Skip to main content
CVE-2022-0577 MEDIUM POC PATCH This Month

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Scrapy Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-25114 MEDIUM POC This Month

Event Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the full_name parameter under register.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Event Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-23395 MEDIUM POC This Month

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution XSS Jquery Cookie
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-23779 MEDIUM POC THREAT This Month

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.1
5.3
EPSS
15.1%
CVE-2021-38268 MEDIUM PATCH This Month

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3658 MEDIUM PATCH This Month

bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Bluez Fedora
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-24447 MEDIUM This Month

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Key Manager Plus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-24722 MEDIUM PATCH This Month

VIewComponent is a framework for building view components in Ruby on Rails. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Viewcomponent
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-23958 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23957 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23955 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23954 MEDIUM PATCH This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23956 MEDIUM This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-23953 MEDIUM This Month

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Probook 440 G8 Firmware Prodesk 405 G6 Small Form Factor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-22350 MEDIUM This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22303 MEDIUM PATCH This Month

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Fortinet Information Disclosure Fortimanager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-25051 MEDIUM PATCH This Month

An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Rtl 433
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-25050 MEDIUM PATCH This Month

rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Memory Corruption Buffer Overflow Rlt 433
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-23656 MEDIUM PATCH This Month

Zulip is an open source team chat app. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zulip Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-22944 MEDIUM PATCH This Month

VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

VMware XSS Workspace One Boxer
NVD
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy