Skip to main content
CVE-2022-28222 MEDIUM POC This Month

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS WordPress Antispam
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-0645 MEDIUM POC PATCH This Month

Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Posthog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1385 MEDIUM POC PATCH This Month

Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2022-21465 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-1187 MEDIUM PATCH This Month

The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress PHP XSS Wp Youtube Live
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.4%
CVE-2022-21498 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Oracle Database
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-21471 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-21467 MEDIUM This Month

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Attachments). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Agile Plm
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-21454 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-21447 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Cs Academic Advisement
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-21490 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure Mysql Cluster Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
78.7%
CVE-2022-21489 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
78.9%
CVE-2022-21483 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
3.0%
CVE-2022-21482 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
3.1%
CVE-2022-24858 MEDIUM PATCH This Month

next-auth v3 users before version 3.29.2 are impacted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-28221 MEDIUM This Month

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS WordPress Antispam
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-21492 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-21480 MEDIUM This Month

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Transportation Management
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21470 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21468 MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Applications Framework
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-21458 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21456 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-21453 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21448 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21419 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-21409 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-1019 MEDIUM This Month

Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Webctrl Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-21493 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2022-21475 MEDIUM This Month

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Banking Payments
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-21474 MEDIUM This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Banking Trade Finance Process Management
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-21473 MEDIUM This Month

Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Banking Treasury Management
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-21472 MEDIUM This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Flexcube Universal Banking
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-21457 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.9
EPSS
2.1%
CVE-2022-26593 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21479 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2022-21478 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-21463 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-21461 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Solaris
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-21459 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-21440 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +1
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-21425 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-21405 MEDIUM This Month

Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Oracle Explorer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Oss Support Tools
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1186 MEDIUM PATCH This Month

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Be Popia Compliant
NVD VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-21481 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Financial Gateway). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21477 MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Oracle Applications Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21450 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub product of Oracle PeopleSoft (component: My Links). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Prtl Interaction Hub
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21411 MEDIUM This Month

Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Database
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27863 MEDIUM This Month

Sensitive Information Exposure in E4J s.r.l. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Vikbooking Hotel Booking Engine Property Management System Plugin
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-21496 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Java Se +14
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2022-21434 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Jdk +15
NVD
CVSS 3.1
5.3
EPSS
2.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy