Skip to main content
CVE-2022-23265 HIGH This Week

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Defender For Iot
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2022-24753 HIGH PATCH This Week

Stripe CLI is a command-line tool for the Stripe eCommerce platform. Rated high severity (CVSS 7.0). This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Microsoft Command Injection Apple Stripe Cli
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-24525 HIGH This Week

Windows Update Stack Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 Windows 11 +1
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-24505 HIGH This Week

Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 Windows 11 +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-24460 HIGH This Week

Tablet Windows User Interface Application Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server +2
NVD
CVSS 3.1
7.0
EPSS
1.9%
CVE-2022-23298 HIGH This Week

Windows NT OS Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2022-23288 HIGH This Week

Windows DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows Server Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2022-23287 HIGH This Week

Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server +2
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2022-23286 HIGH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server +1
NVD
CVSS 3.1
7.0
EPSS
4.3%
CVE-2022-23283 HIGH This Week

Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 Windows 11 +8
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-21967 HIGH This Week

Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2022-24745 MEDIUM PATCH This Month

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Session Fixation Information Disclosure Shopware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-24522 MEDIUM This Month

Skype Extension for Chrome Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Skype Extension
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-24519 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2022-24518 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2022-24515 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2022-24506 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2022-24463 MEDIUM This Month

Microsoft Exchange Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
31.8%
CVE-2022-23253 MEDIUM This Month

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
56.4%
CVE-2022-24512 MEDIUM PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Net Net Core Powershell +3
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-24746 MEDIUM PATCH This Month

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Shopware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24526 MEDIUM This Month

Visual Studio Code Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-24323 MEDIUM This Month

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ecostruxure Control Expert Ecostruxure Process Expert
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2022-24322 MEDIUM This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Ecostruxure Control Expert
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-23278 MEDIUM This Month

Microsoft Defender for Endpoint Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Defender For Endpoint Edr Sensor Defender For Endpoint
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2022-24462 MEDIUM This Month

Microsoft Word Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-24511 MEDIUM This Month

Microsoft Office Word Tampering Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-23297 MEDIUM This Month

Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-23281 MEDIUM This Month

Windows Common Log File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-21973 MEDIUM This Month

Windows Media Center Update Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows 8 1 Windows Rt 8 1 +1
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-22511 MEDIUM This Month

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 750 8100 Firmware 750 8101 Firmware 750 8102 Firmware 751 9301 Firmware +21
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-24503 MEDIUM This Month

Remote Desktop Protocol Client Information Disclosure Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Desktop Client Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
5.4
EPSS
2.3%
CVE-2022-24747 MEDIUM PATCH This Month

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Shopware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-21975 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Microsoft Windows 10 Windows 8 1 +4
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-24919 MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend Debian Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2022-24918 MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend Fedora
NVD
CVSS 3.1
4.4
EPSS
1.1%
CVE-2022-24917 MEDIUM PATCH This Month

An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS CSRF Frontend Debian Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2022-24349 MEDIUM PATCH This Month

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Zabbix XSS Frontend Debian Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2022-0022 MEDIUM This Month

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-22010 MEDIUM This Month

Media Foundation Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Windows 10 Windows 11 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
4.4
EPSS
2.4%
CVE-2022-24502 MEDIUM This Month

Windows HTML Platforms Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
4.3
EPSS
33.1%
CVE-2022-24744 LOW PATCH Monitor

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Shopware
NVD GitHub
CVSS 3.1
3.5
EPSS
0.5%
CVE-2022-24465 LOW Monitor

Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Apple Intune Company Portal
NVD
CVSS 3.1
3.3
EPSS
0.7%
CVE-2022-21977 LOW Monitor

Media Foundation Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Windows 10 Windows 11 Windows 8 1 Windows Rt 8 1 +5
NVD
CVSS 3.1
3.3
EPSS
2.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy