Skip to main content
CVE-2022-1803 MEDIUM POC PATCH This Month

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trudesk
NVD GitHub
CVSS 3.1
6.9
EPSS
1.5%
CVE-2022-27094 MEDIUM POC This Month

Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Playmemories Home
NVD Exploit-DB
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-31215 MEDIUM POC This Month

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Client Agent Reach Console Reach Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-1754 MEDIUM POC PATCH This Month

Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Trudesk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-1806 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rtx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29206 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29205 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29204 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29203 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29202 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29201 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29207 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29200 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29199 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29198 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29197 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29196 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29195 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29193 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29194 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29192 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29191 MEDIUM POC PATCH This Month

TensorFlow is an open source platform for machine learning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-25224 MEDIUM POC This Month

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Proton
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-25229 MEDIUM POC This Month

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Popcorn Time
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-28985 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Orangehrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-28987 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.1
5.3
EPSS
9.7%
CVE-2022-29159 MEDIUM POC PATCH This Month

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Deck
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-24906 MEDIUM POC PATCH This Month

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Deck
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-29883 MEDIUM PATCH This Month

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware 7Kg8500 0Aa10 2Aa0 Firmware +32
NVD
CVSS 4.0
6.9
EPSS
1.0%
CVE-2022-29881 MEDIUM PATCH This Month

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware 7Kg8500 0Aa10 2Aa0 Firmware +32
NVD
CVSS 4.0
6.9
EPSS
1.0%
CVE-2022-31258 MEDIUM This Month

In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-29880 MEDIUM PATCH This Month

A vulnerability has been identified in SICAM T (All versions < V3.0). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware 7Kg8500 0Aa10 2Aa0 Firmware +32
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-29877 MEDIUM PATCH This Month

A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass 7Kg8500 0Aa00 0Aa0 Firmware 7Kg8500 0Aa00 2Aa0 Firmware 7Kg8500 0Aa10 0Aa0 Firmware 7Kg8500 0Aa10 2Aa0 Firmware +32
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-27640 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Simatic Cp 442 1 Rna Firmware Simatic Cp 443 1 Rna Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-24045 MEDIUM This Month

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Desigo Dxr2 Firmware Desigo Pxc3 Firmware Desigo Pxc4 Firmware Desigo Pxc5 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-28965 MEDIUM PATCH This Month

Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service RCE Premium Security
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-29430 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF WordPress Png To Jpg
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-29425 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Checkout Files Upload For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29183 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gocd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-29177 MEDIUM PATCH This Month

Go Ethereum is the official Golang implementation of the Ethereum protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2022-22365 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-29031 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-29030 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-29029 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-29028 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-27242 MEDIUM PATCH This Month

A vulnerability has been identified in OpenV2G (V0.9.4). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Openv2G
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29434 MEDIUM This Month

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Spiffy Calendar
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-29431 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Cpt Base
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29426 MEDIUM This Month

Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress 2J Slideshow
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29182 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gocd
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy