Skip to main content
CVE-2022-29509 HIGH This Week

Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal T D Server Thermo Recorder Data Server Firmware
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2022-31050 HIGH PATCH This Week

TYPO3 is an open source web content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Typo3
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-32346 HIGH This Week

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Hospital S Patient Records Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-30231 MEDIUM PATCH This Month

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sicam Gridedge Essential
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2022-31594 MEDIUM This Month

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adaptive Server Enterprise
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-31047 MEDIUM PATCH This Month

TYPO3 is an open source web content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Typo3
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-31589 MEDIUM This Month

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Erp Financial Accounting Erp Localization For Cee Countries S 4Hana
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-32259 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-32256 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-29618 MEDIUM This Month

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Development Infrastructure
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-32286 MEDIUM This Month

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Saml
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-32145 MEDIUM PATCH This Month

A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Teamcenter Active Workspace
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29485 MEDIUM PATCH This Month

Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shirasagi
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-27221 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2022-32243 MEDIUM This Month

When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-32242 MEDIUM This Month

When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32241 MEDIUM This Month

When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32240 MEDIUM This Month

When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32239 MEDIUM This Month

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32238 MEDIUM This Month

When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32237 MEDIUM This Month

When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32236 MEDIUM This Month

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-32235 MEDIUM This Month

When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-21504 MEDIUM PATCH This Month

The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31049 MEDIUM PATCH This Month

TYPO3 is an open source web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-31048 MEDIUM PATCH This Month

TYPO3 is an open source web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-31059 MEDIUM PATCH This Month

Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse Calendar
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-31060 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-32255 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-32561 MEDIUM This Month

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-31066 MEDIUM PATCH This Month

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Edgex Foundry
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2022-31046 MEDIUM PATCH This Month

TYPO3 is an open source web content management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-29238 MEDIUM PATCH This Month

Jupyter Notebook is a web-based notebook environment for interactive computing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Notebook
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-29612 MEDIUM This Month

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Host Agent Netweaver Abap
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-27220 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-27219 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-29482 LOW Monitor

'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Mobaoku Auction Flea Market
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2022-29615 LOW Monitor

SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Deserialization SAP Netweaver Developer Studio
NVD
CVSS 3.1
3.4
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy