Skip to main content
CVE-2022-27983 HIGH This Week

RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Rg Nbr2100G E Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-29970 HIGH PATCH This Week

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinatra Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-28451 HIGH PATCH This Week

nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nopcommerce
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-23722 MEDIUM This Month

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-26326 MEDIUM This Month

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Netiq Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-26325 MEDIUM This Month

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netiq Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-29444 MEDIUM This Month

Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Breeze
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-24974 MEDIUM This Month

Links may not be rewritten according to policy in some specially formatted emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Email Isolation
NVD
CVSS 3.1
5.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy