Skip to main content
CVE-2022-24248 MEDIUM POC THREAT This Month

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Ritecms
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
21.0%
CVE-2022-24247 MEDIUM POC This Month

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Path Traversal Ritecms
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
3.9%
CVE-2022-0878 MEDIUM POC This Month

Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Combined Charging System Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-0436 MEDIUM POC PATCH This Month

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Grunt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-27419 MEDIUM POC This Month

rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Rtl 433
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-1330 MEDIUM POC PATCH This Month

stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Fullpage
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0140 MEDIUM POC This Month

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Visual Form Builder
NVD WPScan
CVSS 3.1
5.3
EPSS
3.8%
CVE-2022-22550 MEDIUM PATCH This Month

Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-23702 MEDIUM This Month

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Superdome Flex Server Firmware Superdome Flex 280 Server Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-23159 MEDIUM PATCH This Month

Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-28795 MEDIUM This Month

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Apple Information Disclosure Password Manager
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-27671 MEDIUM This Month

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-27670 MEDIUM This Month

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Sql Anywhere
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-27655 MEDIUM This Month

When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-27654 MEDIUM This Month

When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-26109 MEDIUM This Month

When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-26108 MEDIUM This Month

When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-26107 MEDIUM This Month

When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-26106 MEDIUM This Month

When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-22541 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-28662 MEDIUM PATCH This Month

A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Simcenter Femap
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-28329 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Siemens Scalance W1788 2Ia M12 Firmware Scalance W1788 2 M12 Firmware Scalance W1788 2 Eec M12 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-25650 MEDIUM PATCH This Month

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Mendix
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-28770 MEDIUM This Month

Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sapui5 Library
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-28216 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-26105 MEDIUM This Month

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-25756 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens XSS Scalance X302 7Eec Firmware Scalance X304 2Fe Firmware Scalance X306 1Ldfe Firmware +20
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-23163 MEDIUM PATCH This Month

Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Dell Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-22560 MEDIUM PATCH This Month

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Dell Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-21202 MEDIUM PATCH This Month

The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Alpha5 Smart Loader Firmware
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-21168 MEDIUM PATCH This Month

The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Information Disclosure Alpha5 Smart Loader Firmware
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-29049 MEDIUM PATCH This Month

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Promoted Builds
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29046 MEDIUM PATCH This Month

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Subversion macOS
NVD
CVSS 3.1
5.4
EPSS
2.4%
CVE-2022-29045 MEDIUM PATCH This Month

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Promoted Builds
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29044 MEDIUM PATCH This Month

Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Node And Label Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-29043 MEDIUM PATCH This Month

Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Mask Passwords
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29042 MEDIUM This Month

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Job Generator
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29041 MEDIUM PATCH This Month

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Jenkins Jira
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29040 MEDIUM PATCH This Month

Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Git Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29039 MEDIUM PATCH This Month

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Gerrit Trigger
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-29038 MEDIUM This Month

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the name and description of Extended Choice parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-29037 MEDIUM PATCH This Month

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Cvs
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-29036 MEDIUM PATCH This Month

Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Credentials
NVD
CVSS 3.1
5.4
EPSS
78.5%
CVE-2022-29047 MEDIUM PATCH This Month

Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or equivalent), but not able to commit directly to the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Pipeline
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-27481 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Denial Of Service Race Condition Siemens Scalance W1788 2Ia M12 Firmware Scalance W1788 2 M12 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-28215 MEDIUM This Month

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect SAP Netweaver Abap
NVD
CVSS 3.1
4.7
EPSS
0.8%
CVE-2022-29052 MEDIUM PATCH This Month

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins Information Disclosure Google Compute Engine
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-29051 MEDIUM PATCH This Month

Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and earlier allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Publish Over Ftp
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-29048 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Subversion macOS
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2022-23160 MEDIUM PATCH This Month

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy