Skip to main content
CVE-2022-26364 MEDIUM POC PATCH This Month

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2022-30898 MEDIUM POC This Month

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cscms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-25805 MEDIUM POC This Month

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Universal Management Suite
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2035 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rustici Software Scorm Engine
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-32195 MEDIUM POC PATCH This Month

Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Open Edx
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-25807 MEDIUM POC This Month

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Universal Management Suite
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25804 MEDIUM POC This Month

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Universal Management Suite
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2036 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-2029 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Titra
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2028 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Titra
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2026 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Titra
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2015 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Drawio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2014 MEDIUM POC PATCH This Month

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Drawio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-2016 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Facturascripts
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-30760 MEDIUM POC This Month

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fn2Web
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2022-21499 MEDIUM PATCH This Month

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2022-26363 MEDIUM PATCH This Month

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-29250 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31027 MEDIUM PATCH This Month

OAuthenticator is an OAuth token library for the JupyerHub login handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oauthenticator
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-29254 MEDIUM PATCH This Month

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Silverstripe Omnipay
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-26362 MEDIUM PATCH This Month

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. Rated medium severity (CVSS 6.4).

Race Condition Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2022-0823 MEDIUM PATCH This Month

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zyxel Gs1200 5 Firmware Gs1200 5Hp Firmware Gs1200 8 Firmware +1
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-24969 MEDIUM PATCH This Month

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Open Redirect Dubbo
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-29224 MEDIUM PATCH This Month

Envoy is a cloud-native high-performance proxy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Envoy
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2022-30702 MEDIUM This Month

Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Buffer Overflow Information Disclosure Security
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-31030 MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Containerd Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-24876 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-31038 MEDIUM PATCH This Month

Gogs is an open source self-hosted Git service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gogs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-28614 MEDIUM This Month

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Apache Information Disclosure Http Server Fedora +1
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2022-28330 MEDIUM This Month

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Microsoft Buffer Overflow Information Disclosure Http Server
NVD
CVSS 3.1
5.3
EPSS
3.4%
CVE-2022-2020 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Prison Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-24896 MEDIUM PATCH This Month

Tuleap is a Free & Open Source Suite to manage software developments and collaboration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Tuleap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy