Skip to main content
CVE-2022-30045 MEDIUM POC This Month

An issue was discovered in libezxml.a in ezXML 0.8.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ezxml
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29332 MEDIUM POC This Month

D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Path Traversal Dir 825 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-30067 MEDIUM POC This Month

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gimp
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-30072 MEDIUM POC This Month

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-30073 MEDIUM POC This Month

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2022-24890 MEDIUM POC PATCH This Month

Nextcloud Talk is a video and audio conferencing app for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Talk
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-1753 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in WoWonder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Wowonder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-24611 MEDIUM This Month

Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zm5202 Firmware Zm5101 Firmware Sd3503 Firmware Sd3502 Firmware +1
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1706 MEDIUM PATCH This Month

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

VMware Authentication Bypass Ignition Openshift Container Platform Enterprise Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-22482 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Denial Of Service IBM File Upload Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-22475 MEDIUM PATCH This Month

IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Open Liberty Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-30959 MEDIUM This Month

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins SSH
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30955 MEDIUM PATCH This Month

Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Jenkins
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30954 MEDIUM PATCH This Month

Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Blue Ocean
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-30953 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Blue Ocean
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-30952 MEDIUM PATCH This Month

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Blue Ocean
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29436 MEDIUM This Month

Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF WordPress Code Snippets Extended
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-28186 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Denial Of Service Nvidia Microsoft Gpu Display Driver Virtual Gpu
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-23706 MEDIUM PATCH This Month

A remote cross-site scripting (xss) vulnerability was discovered in HPE OneView version(s): Prior to 7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Oneview
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-30110 MEDIUM PATCH This Month

The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jirafeau
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-28191 MEDIUM PATCH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Nvidia Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-28190 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where improper input validation can cause denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Nvidia Microsoft Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-28189 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a NULL pointer dereference may lead to a system crash. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Nvidia Microsoft Null Pointer Dereference Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-28188 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product receives input or data, but does not validate or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Nvidia Microsoft Gpu Display Driver Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-28187 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where the memory management software does not release a resource after its effective lifetime. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Nvidia Microsoft Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-22484 MEDIUM PATCH This Month

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29435 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Code Snippets Extended
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-23674 MEDIUM This Month

A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aruba Clearpass Policy Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22775 MEDIUM This Month

The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bpm Enterprise Bpm Enterprise Distribution For Silver Fabric
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-22773 MEDIUM This Month

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Jasperreports Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30970 MEDIUM This Month

Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Autocomplete Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30968 MEDIUM This Month

Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Vboxwrapper
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30967 MEDIUM This Month

Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Selection Tasks
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30966 MEDIUM This Month

Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Random String Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30965 MEDIUM This Month

Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Promoted Builds
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30964 MEDIUM PATCH This Month

Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Multiselect Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30963 MEDIUM This Month

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Jdk Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30962 MEDIUM This Month

Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Global Variable String Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30961 MEDIUM This Month

Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Autocomplete Parameter
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30960 MEDIUM PATCH This Month

Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Application Detector
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-30956 MEDIUM PATCH This Month

Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Rundeck
NVD
CVSS 3.1
5.4
EPSS
71.9%
CVE-2022-30689 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-30949 MEDIUM PATCH This Month

Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Repo
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-23675 MEDIUM This Month

A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aruba Clearpass Policy Manager
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-30957 MEDIUM This Month

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins SSH
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-30946 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Script Security
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-28192 MEDIUM PATCH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. Rated medium severity (CVSS 4.1). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Nvidia Use After Free Virtual Gpu
NVD
CVSS 3.1
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy