Skip to main content
CVE-2022-25213 MEDIUM POC This Month

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass K2 Firmware K3 Firmware K3C Firmware K2G Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-26661 MEDIUM POC PATCH This Month

An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Proteus Trytond Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-22835 MEDIUM POC THREAT This Month

An issue was discovered in OverIT Geocall before version 8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Geocall
NVD
CVSS 3.1
6.5
EPSS
14.5%
CVE-2022-0865 MEDIUM POC This Month

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux Fedora Active Iq Unified Manager
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-0856 MEDIUM POC This Month

libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libcaca Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2021-41657 MEDIUM POC This Month

SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Collaborator
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-26101 MEDIUM POC This Month

Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fiori Launchpad
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-24608 MEDIUM POC This Month

Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Luocms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-24399 MEDIUM POC This Month

The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SAP Focused Run
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-24177 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aleph 500
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-0890 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Mruby
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-25215 MEDIUM POC This Month

Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure K2 Firmware K3 Firmware K3C Firmware K2G Firmware +1
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-0906 MEDIUM POC PATCH This Month

Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-20055 MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2022-20050 MEDIUM This Month

In connsyslogger, there is a possible symbolic link following due to improper link resolution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20049 MEDIUM This Month

In vpu, there is a possible escalation of privilege due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26652 MEDIUM PATCH This Month

NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nats Server Nats Streaming Server
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-20060 MEDIUM This Month

In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2022-20059 MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2022-20058 MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2022-20056 MEDIUM This Month

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2022-26778 MEDIUM This Month

Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure System Recovery
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-25244 MEDIUM This Month

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25243 MEDIUM This Month

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-24398 MEDIUM This Month

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-21132 MEDIUM PATCH This Month

Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Pfsense Pkg Wireguard
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-20057 MEDIUM This Month

In btif, there is a possible memory corruption due to incorrect error handling. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-0904 MEDIUM This Month

A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Mattermost Buffer Overflow Apple Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25822 MEDIUM This Month

An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Race Condition Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2022-24397 MEDIUM This Month

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24395 MEDIUM This Month

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-21146 MEDIUM This Month

Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ipdio Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-25825 MEDIUM This Month

Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Account
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-25819 MEDIUM This Month

OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-25108 MEDIUM This Month

Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 allow a NULL pointer dereference during PDF parsing because the pointer is used without proper validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Pdf Editor Pdf Reader
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-20051 MEDIUM This Month

In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-0433 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-26102 MEDIUM This Month

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24432 MEDIUM This Month

Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ipdio Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-21158 MEDIUM This Month

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Marktext
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-26847 MEDIUM PATCH This Month

SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Spip Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-26104 MEDIUM This Month

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Financial Consolidation
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-26103 MEDIUM This Month

Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-25368 MEDIUM PATCH This Month

Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Rated medium severity (CVSS 4.7).

Information Disclosure Ampere Altra Max Firmware Ampere Altra Firmware Neoverse E1 Firmware Neoverse V1 Firmware +18
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-25820 MEDIUM This Month

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-25816 MEDIUM This Month

Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-24932 MEDIUM This Month

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Cloud
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-26355 MEDIUM This Month

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Citrix Information Disclosure Federated Authentication Service
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy