Skip to main content
CVE-2022-1207 MEDIUM POC PATCH This Month

Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.1
6.6
EPSS
0.9%
CVE-2022-21830 MEDIUM POC PATCH This Month

A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Livechat
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-24181 MEDIUM POC This Month

Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Journal Systems
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
6.1%
CVE-2022-0489 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.7
EPSS
1.5%
CVE-2022-26565 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Content Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-0390 MEDIUM POC This Month

Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-0373 MEDIUM POC This Month

Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-23156 MEDIUM This Month

Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Wyse Device Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-22950 MEDIUM PATCH This Month

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Java Spring Framework
NVD
CVSS 3.1
6.5
EPSS
35.8%
CVE-2022-0922 MEDIUM This Month

The software does not perform any authentication for critical system functionality. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass E Alert Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-22404 MEDIUM PATCH This Month

IBM App Connect Enterprise Certified Container Dashboard UI (IBM App Connect Enterprise Certified Container 1.5, 2.0, 2.1, 3.0, and 3.1) may be vulnerable to denial of service due to excessive rate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service IBM App Connect Enterprise Certified Container
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-22328 MEDIUM PATCH This Month

IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Partner Engagement Manager
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-25160 MEDIUM This Month

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fx5Uc Firmware Fx5Uc 32Mr Ds Ts Firmware Fx5Uc 32Mt D Firmware Fx5Uc 32Mt Dss Firmware +12
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2022-1018 MEDIUM PATCH This Month

When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Connected Components Workbench Isagraf Safety Instrumented Systems Workstation
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-23158 MEDIUM This Month

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Wyse Device Agent
NVD
CVSS 3.1
4.4
EPSS
0.7%
CVE-2022-23157 MEDIUM This Month

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Wyse Device Agent
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy