Skip to main content
CVE-2022-20799 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv340 Firmware Rv340W Firmware Rv345 Firmware +1
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-20753 HIGH This Week

A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Cisco Rv340 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-25785 HIGH This Week

Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Sitemanager 1129 Firmware Sitemanager 1139 Firmware +7
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-25787 MEDIUM This Month

Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-29943 MEDIUM This Month

Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Administration Center
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29942 MEDIUM This Month

Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Administration Center
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-30241 MEDIUM PATCH This Month

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Node.js Jquery Json Viewer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28081 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Arphp
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-25781 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-20796 MEDIUM This Month

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-25782 MEDIUM This Month

Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-25786 MEDIUM This Month

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-25784 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sitemanager 1129 Firmware Sitemanager 1139 Firmware Sitemanager 1149 Firmware Sitemanager 3329 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-20794 MEDIUM This Month

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Open Redirect Information Disclosure Telepresence Collaboration Endpoint +1
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2022-20734 MEDIUM This Month

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Catalyst Sd Wan Manager
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-25783 MEDIUM This Month

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25780 MEDIUM This Month

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-25779 MEDIUM This Month

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager 4250 Firmware Gatemanager 4260 Firmware Gatemanager 8250 Firmware Gatemanager 9250 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1502 MEDIUM PATCH This Month

Permissions were not properly verified in the API on projects using version control in Git. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy