Skip to main content
CVE-2022-1365 MEDIUM POC PATCH This Month

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cross Fetch
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-28041 MEDIUM POC PATCH This Month

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Stb Image H Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-1231 MEDIUM POC PATCH This Month

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Atlassian Plantuml Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-28049 MEDIUM POC PATCH This Month

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nginx Null Pointer Dereference Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-20724 MEDIUM POC This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Cisco XSS Path Traversal Cgr1000 Compute Module +3
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-24851 MEDIUM POC PATCH This Month

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Path Traversal Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2022-20758 MEDIUM This Month

A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Apple Ios Xr
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2022-20731 MEDIUM This Month

Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Catalyst Digital Building Series Switches Firmware Ios Rommon
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-20694 MEDIUM This Month

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2022-20727 MEDIUM This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco XSS Path Traversal Cgr1000 Compute Module +4
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2022-20677 MEDIUM This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco XSS Path Traversal iOS
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2022-20676 MEDIUM This Month

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-26829 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26822 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26821 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26820 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26819 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2008 Windows Server 2012 +3
NVD
CVSS 3.1
6.6
EPSS
1.8%
CVE-2022-26818 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.6
EPSS
2.2%
CVE-2022-26817 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
1.7%
CVE-2022-26814 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
1.7%
CVE-2022-26911 MEDIUM This Month

Skype for Business Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Lync Server Skype For Business Server
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2022-26816 MEDIUM This Month

Windows DNS Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2022-26785 MEDIUM This Month

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-26784 MEDIUM This Month

Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-26783 MEDIUM This Month

Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-24538 MEDIUM This Month

Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-24498 MEDIUM This Month

Windows iSCSI Target Service Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2022-23268 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 11 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-20761 MEDIUM This Month

A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco iOS
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-20747 MEDIUM This Month

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-20735 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-20692 MEDIUM This Month

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-20684 MEDIUM This Month

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-26594 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Liferay Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27425 MEDIUM PATCH This Month

Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP XSS Chamilo
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-27422 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Chamilo Lms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-27852 MEDIUM This Month

Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabilities in KB Support (WordPress plugin) <= 1.5.5 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Kb Support
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-27258 MEDIUM This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hubzilla
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-26920 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-24548 MEDIUM This Month

Microsoft Defender Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Malware Protection Engine
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2022-24493 MEDIUM This Month

Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-24484 MEDIUM This Month

Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-24483 MEDIUM This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-20717 MEDIUM This Month

A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Sd Wan Vedge Router
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26910 MEDIUM This Month

Skype for Business and Lync Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skype For Business Server
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2022-26907 MEDIUM PATCH This Month

Azure SDK for .NET Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Azure Sdk For Net
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2022-26897 MEDIUM This Month

Azure Site Recovery Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2022-26896 MEDIUM This Month

Azure Site Recovery Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2022-20722 MEDIUM PATCH This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
4.9
EPSS
1.2%
CVE-2022-20721 MEDIUM This Month

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco XSS Path Traversal Ios Xe
NVD GitHub
CVSS 3.1
4.9
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy