Skip to main content
CVE-2022-24858 MEDIUM PATCH This Month

next-auth v3 users before version 3.29.2 are impacted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-28221 MEDIUM This Month

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS WordPress Antispam
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-21492 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-21480 MEDIUM This Month

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Transportation Management
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21470 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21468 MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Applications Framework
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-21458 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21456 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-21453 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21448 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21419 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-21409 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1019 MEDIUM This Month

Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Webctrl Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-21493 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2022-21475 MEDIUM This Month

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Banking Payments
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-21474 MEDIUM This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Banking Trade Finance Process Management
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-21473 MEDIUM This Month

Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Banking Treasury Management
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-21472 MEDIUM This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Flexcube Universal Banking
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-21457 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.9
EPSS
2.1%
CVE-2022-26593 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21479 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2022-21478 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-21463 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-21461 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Solaris
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-21459 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-21440 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-21425 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-21405 MEDIUM This Month

Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Oracle Explorer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Oss Support Tools
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1186 MEDIUM PATCH This Month

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Be Popia Compliant
NVD VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-21481 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Financial Gateway). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21477 MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Oracle Applications Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21450 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub product of Oracle PeopleSoft (component: My Links). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Prtl Interaction Hub
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21411 MEDIUM This Month

Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Database
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27863 MEDIUM This Month

Sensitive Information Exposure in E4J s.r.l. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Vikbooking Hotel Booking Engine Property Management System Plugin
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-21496 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Java Se +14
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2022-21434 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Jdk +15
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2022-21426 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Graalvm Jdk +15
NVD
CVSS 3.1
5.3
EPSS
3.2%
CVE-2022-24825 MEDIUM PATCH This Month

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Smokescreen
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-21418 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
5.0
EPSS
1.1%
CVE-2022-21416 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Solaris
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2022-21462 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-21452 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-21438 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-21437 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-21436 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-21435 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-21427 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2022-21417 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.5%
CVE-2022-21415 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2022-21414 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
1.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy