Skip to main content
CVE-2022-1257 MEDIUM POC This Month

Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Apple Information Disclosure Agent
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-1351 MEDIUM POC PATCH This Month

Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-24853 MEDIUM POC This Month

Metabase is an open source business intelligence and analytics application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Metabase
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2022-1328 MEDIUM POC PATCH This Month

Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Mutt Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2022-25166 MEDIUM POC This Month

An issue was discovered in Amazon AWS VPN Client 2.0.0. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aws Client Vpn
NVD GitHub
CVSS 3.1
5.0
EPSS
1.5%
CVE-2022-21145 MEDIUM POC THREAT This Month

A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lansweeper
NVD
CVSS 3.1
4.8
EPSS
77.8%
CVE-2022-27817 MEDIUM POC This Month

SWHKD 1.1.5 consumes the keyboard events of unintended users. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swhkd
NVD GitHub
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-24849 MEDIUM PATCH This Month

DisCatSharp is a Discord API wrapper for .NET. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discatsharp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-22196 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-22191 MEDIUM This Month

A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-22186 MEDIUM This Month

Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-22182 MEDIUM This Month

A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper XSS Junos
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-22193 MEDIUM This Month

An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-24855 MEDIUM This Month

Metabase is an open source business intelligence and analytics application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metabase
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-22181 MEDIUM This Month

A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper XSS Junos
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-24824 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-22968 MEDIUM PATCH This Month

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Framework Active Iq Unified Manager Cloud Secure Agent +4
NVD
CVSS 3.1
5.3
EPSS
5.7%
CVE-2022-27848 MEDIUM This Month

Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Modern Events Calendar Lite
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-24850 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-22391 MEDIUM This Month

IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authenticated user to obtain information from non sensitive operating system files that they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera High Speed Transfer Endpoint Aspera High Speed Transfer Server
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy