Skip to main content
CVE-2022-20143 MEDIUM This Month

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20129 MEDIUM This Month

In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-21938 MEDIUM This Month

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Open Application Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-32280 MEDIUM This Month

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Xo Slider
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-28612 MEDIUM This Month

Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <=. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Custom Popup Builder
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-21937 MEDIUM This Month

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Open Application Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29443 MEDIUM This Month

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Hotel Booking
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29442 MEDIUM This Month

Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Private Messages
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29440 MEDIUM This Month

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Promotion Slider
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-30154 MEDIUM PATCH This Month

Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Windows 10 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-20736 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Appdynamics Controller
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-20196 MEDIUM This Month

In gallery3d and photos, there is a possible permission bypass due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2022-20195 MEDIUM This Month

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Denial Of Service Google Android
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2022-29452 MEDIUM This Month

Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Export All Urls
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-32550 MEDIUM This Month

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure 1Password 1Password In The Browser Command Line Command Line Interface +2
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-29438 MEDIUM This Month

Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Image Slider By Nextcode
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1342 MEDIUM This Month

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Desktop Manager
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-20132 MEDIUM This Month

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-20208 MEDIUM This Month

In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20198 MEDIUM This Month

In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20182 MEDIUM This Month

In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20176 MEDIUM This Month

In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20174 MEDIUM This Month

In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20165 MEDIUM This Month

In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20162 MEDIUM This Month

In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-20159 MEDIUM This Month

In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-28749 MEDIUM This Month

Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure On Premise Meeting Connector Multimedia Router
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-29453 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF WordPress Api Key For Google Maps
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-29441 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Private Messages
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-29439 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Image Slider By Nextcode
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31072 LOW PATCH Monitor

Octokit is a Ruby toolkit for the GitHub API. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Octokit
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-31071 LOW PATCH Monitor

Octopoller is a micro gem for polling and retrying. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Octopoller
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy