Skip to main content
CVE-2022-24837 MEDIUM PATCH This Month

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Hedgedoc
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-24804 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-27845 MEDIUM This Month

Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Plausible Analytics
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-22571 MEDIUM This Month

An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Incapptic Connect
NVD
CVSS 3.1
4.8
EPSS
0.9%
CVE-2022-25831 MEDIUM This Month

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-27840 MEDIUM This Month

Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Recovery
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-27831 MEDIUM This Month

Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20079 MEDIUM This Month

In vow, there is a possible read of uninitialized data due to a improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20076 MEDIUM This Month

In ged, there is a possible memory corruption due to an incorrect error handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20066 MEDIUM This Month

In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-27841 MEDIUM This Month

Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Pass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-25615 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom - Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Eroom Zoom Meetings Webinar
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-25614 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom - Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Eroom Zoom Meetings Webinar
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-27839 MEDIUM This Month

Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
4.0
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy