Skip to main content
CVE-2022-20677 MEDIUM This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco XSS Path Traversal iOS
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2022-20676 MEDIUM This Month

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-26829 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26822 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26821 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26820 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26819 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26818 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.6
EPSS
2.2%
CVE-2022-26817 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
1.7%
CVE-2022-26814 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
1.7%
CVE-2022-26911 MEDIUM This Month

Skype for Business Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Lync Server Skype For Business Server
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2022-26816 MEDIUM This Month

Windows DNS Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2022-26785 MEDIUM This Month

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-26784 MEDIUM This Month

Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-26783 MEDIUM This Month

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-24538 MEDIUM This Month

Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-24498 MEDIUM This Month

Windows iSCSI Target Service Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2022-23268 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 11 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-20761 MEDIUM This Month

A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco iOS
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-20747 MEDIUM This Month

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-20735 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-20692 MEDIUM This Month

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-20684 MEDIUM This Month

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-26594 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27425 MEDIUM PATCH This Month

Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Chamilo
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-27422 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Chamilo Lms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-27852 MEDIUM This Month

Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Kb Support
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27258 MEDIUM This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hubzilla
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-26920 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-24548 MEDIUM This Month

Microsoft Defender Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Malware Protection Engine
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2022-24493 MEDIUM This Month

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-24484 MEDIUM This Month

Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-24483 MEDIUM This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-20717 MEDIUM This Month

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Sd Wan Vedge Router
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26910 MEDIUM This Month

Skype for Business and Lync Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skype For Business Server
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2022-26907 MEDIUM PATCH This Month

Azure SDK for .NET Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Azure Sdk For Net
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2022-26897 MEDIUM This Month

Azure Site Recovery Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2022-26896 MEDIUM This Month

Azure Site Recovery Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2022-20722 MEDIUM PATCH This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
4.9
EPSS
1.2%
CVE-2022-20721 MEDIUM This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
4.9
EPSS
1.2%
CVE-2022-20725 MEDIUM This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco XSS Path Traversal Cgr1000 Compute Module +4
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-20661 MEDIUM This Month

Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco iOS
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-27851 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Use Any Font
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-27850 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Simple Ajax Chat
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-28870 MEDIUM This Month

A vulnerability affecting F-Secure SAFE browser was discovered. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safe
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-28869 MEDIUM This Month

A vulnerability affecting F-Secure SAFE browser was discovered. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Safe
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-28868 MEDIUM This Month

An Address bar spoofing vulnerability was discovered in Safe Browser for Android. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Safe
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-23292 LOW Monitor

Microsoft Power BI Spoofing Vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure On Premises Data Gateway
NVD
CVSS 3.1
3.7
EPSS
0.8%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy