Skip to main content
CVE-2022-28478 MEDIUM POC PATCH This Month

SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Seeddms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-31494 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-29296 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Genialcloud Proj
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.4%
CVE-2022-31498 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31492 MEDIUM POC This Month

Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-31493 MEDIUM POC This Month

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librehealth Ehr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-28051 MEDIUM POC PATCH This Month

The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Seeddms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-28479 MEDIUM POC PATCH This Month

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Seeddms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-30863 MEDIUM POC This Month

FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fudforum
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-30861 MEDIUM POC This Month

FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fudforum
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1821 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-21759 MEDIUM This Month

In power service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21758 MEDIUM This Month

In ccu, there is a possible memory corruption due to a double free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21754 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21753 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21752 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21751 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-21750 MEDIUM This Month

In WLAN driver, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-29617 MEDIUM This Month

Due to improper error handling an authenticated user can crash CLA assistant instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Contributor License Agreement Assistant
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1936 MEDIUM PATCH This Month

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1935 MEDIUM PATCH This Month

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-28224 MEDIUM PATCH This Month

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Calico Calico Enterprise
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-21749 MEDIUM This Month

In telephony, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-21748 MEDIUM This Month

In telephony, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-1940 MEDIUM PATCH This Month

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Gitlab XSS Atlassian
NVD
CVSS 3.1
5.4
EPSS
6.3%
CVE-2022-31485 MEDIUM This Month

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-21762 MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21761 MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21760 MEDIUM This Month

In apusys driver, there is a possible system crash due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21756 MEDIUM This Month

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21755 MEDIUM This Month

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21747 MEDIUM This Month

In imgsensor, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21746 MEDIUM This Month

In imgsensor, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy