Skip to main content
CVE-2022-1476 MEDIUM PATCH This Month

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file,. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Epss exploitation probability 35.3%.

PHP WordPress Path Traversal All In One Wp Migration
NVD VulDB
CVSS 3.1
6.6
EPSS
35.3%
CVE-2022-28601 MEDIUM POC This Month

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass 2 Factor Authentication
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-26934 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.4%.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +17
NVD VulDB
CVSS 3.1
6.5
EPSS
17.4%
CVE-2022-1649 MEDIUM POC PATCH This Month

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Null Pointer Dereference Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-1209 MEDIUM POC This Month

The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Ultimate Member
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-29107 MEDIUM PATCH This Month

Microsoft Office Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass 365 Apps Office Office Long Term Servicing Channel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
7.7%
CVE-2022-20009 MEDIUM PATCH This Month

In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-29134 MEDIUM PATCH This Month

Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29123 MEDIUM PATCH This Month

Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29122 MEDIUM PATCH This Month

Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29121 MEDIUM PATCH This Month

Windows WLAN AutoConfig Service Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 11 Windows 7 +8
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29120 MEDIUM PATCH This Month

Windows Clustered Shared Volume Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29112 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-26940 MEDIUM PATCH This Month

Remote Desktop Protocol Client Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Remote Desktop Client Windows 11 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2022-26936 MEDIUM PATCH This Month

Windows Server Service Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2022-26935 MEDIUM PATCH This Month

Windows WLAN AutoConfig Service Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-22015 MEDIUM PATCH This Month

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Remote Desktop Client Windows 10 Windows 11 +7
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2022-20010 MEDIUM PATCH This Month

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-24041 MEDIUM This Month

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Desigo Pxc5 Firmware Desigo Pxc4 Firmware Desigo Pxc3 Firmware Desigo Dxr2 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-24040 MEDIUM This Month

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Desigo Pxc5 Firmware Desigo Pxc4 Firmware Desigo Pxc3 Firmware Desigo Dxr2 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1567 MEDIUM This Month

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP XSS Wp Js
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-30278 MEDIUM This Month

A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Black Duck Hub
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-26925 MEDIUM KEV PATCH THREAT This Month

Windows LSA Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +14
NVD
CVSS 3.1
5.9
EPSS
10.5%
CVE-2022-22713 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.6).

Denial Of Service Microsoft Windows 10 Windows Server
NVD
CVSS 3.1
5.6
EPSS
0.7%
CVE-2022-29140 MEDIUM PATCH This Month

Windows Print Spooler Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server +3
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-29114 MEDIUM PATCH This Month

Windows Print Spooler Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-29102 MEDIUM PATCH This Month

Windows Failover Cluster Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Server Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-26933 MEDIUM PATCH This Month

Windows NTFS Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-26930 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-22011 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-20121 MEDIUM This Month

In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20119 MEDIUM This Month

In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20117 MEDIUM This Month

In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20115 MEDIUM PATCH This Month

In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20112 MEDIUM This Month

In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20011 MEDIUM PATCH This Month

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Java Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-1431 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-0866 MEDIUM This Month

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Openstack Platform Wildfly
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-29116 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7).

Race Condition Microsoft Information Disclosure Windows 11
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2022-20008 MEDIUM This Month

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-1417 MEDIUM This Month

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-29127 MEDIUM PATCH This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required.

Authentication Bypass Windows 10 Windows 11 Windows 7 Windows 8 1 +7
NVD
CVSS 3.1
4.2
EPSS
0.8%
CVE-2022-24466 MEDIUM PATCH This Month

Windows Hyper-V Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
4.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy