Skip to main content
CVE-2022-29855 MEDIUM POC This Month

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE 6873I Sip Firmware 6930 Sip Firmware 6940 Sip Firmware 6865I Sip Firmware +5
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2022-29977 MEDIUM POC This Month

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-29978 MEDIUM POC This Month

There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-30062 MEDIUM POC This Month

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Ftcms
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-30061 MEDIUM POC This Month

ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ftcms
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-30059 MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Shopwind
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-29848 MEDIUM POC This Month

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD GitHub
CVSS 3.1
6.5
EPSS
3.5%
CVE-2022-29845 MEDIUM POC This Month

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Whatsup Gold
NVD GitHub
CVSS 3.1
6.5
EPSS
3.9%
CVE-2022-24584 MEDIUM POC This Month

Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Otp
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-29008 MEDIUM POC This Month

An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bus Pass Management System
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-1623 MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Fedora Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-1622 MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Fedora Ontap Select Deploy Administration Utility +4
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2022-30057 MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shopwind
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29727 MEDIUM POC This Month

Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enterprise Survey Software
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.3%
CVE-2022-30058 MEDIUM POC This Month

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Shopwind
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-29846 MEDIUM POC This Month

In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whatsup Gold
NVD GitHub
CVSS 3.1
5.3
EPSS
5.1%
CVE-2022-0026 MEDIUM This Month

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Paloalto Cortex Xdr Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-0025 MEDIUM This Month

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Paloalto Cortex Xdr Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-22975 MEDIUM This Month

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Code Injection Pinniped
NVD GitHub
CVSS 3.1
6.6
EPSS
0.9%
CVE-2022-1406 MEDIUM This Month

Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-28078 MEDIUM This Month

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Home Owners Collection Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-28244 MEDIUM This Month

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Acrobat Dc Acrobat Reader Dc Acrobat +1
NVD
CVSS 3.1
6.3
EPSS
3.5%
CVE-2022-28077 MEDIUM This Month

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Home Owners Collection Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-23137 MEDIUM This Month

ZTE's ZXCDN product has a reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Zxcdn Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-27656 MEDIUM This Month

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap Kernel Netweaver As Abap Krnl64uc Webdispatcher
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-1433 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-29728 MEDIUM This Month

Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Survey Software
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-28837 MEDIUM This Month

Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Adobe Information Disclosure Acrobat Dc +3
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2022-28267 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-28266 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-28265 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-28264 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-28263 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
10.0%
CVE-2022-28262 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
10.0%
CVE-2022-28261 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-28260 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-28259 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-28258 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
10.1%
CVE-2022-28257 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-28256 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Adobe Information Disclosure Acrobat Dc +3
NVD
CVSS 3.1
5.5
EPSS
2.4%
CVE-2022-28255 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-28254 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-28253 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-28251 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2022-28250 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Adobe Information Disclosure Acrobat Dc +3
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2022-28249 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-28248 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
9.8%
CVE-2022-28246 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
10.1%
CVE-2022-28245 MEDIUM This Month

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2022-28774 MEDIUM This Month

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP Host Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy