Skip to main content
CVE-2021-41672 MEDIUM POC This Month

PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Peel Shopping
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-24127 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Redcap
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-24004 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Redcap
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-29406 MEDIUM POC This Month

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Team Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-27859 MEDIUM POC This Month

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nd Travel
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2087 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bank Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-20125 MEDIUM This Month

In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2022-30137 MEDIUM PATCH This Month

Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Docker Service Fabric
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2022-20233 MEDIUM This Month

In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20201 MEDIUM This Month

In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20185 MEDIUM This Month

In TBD of TBD, there is a possible use after free bug. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Google Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20183 MEDIUM This Month

In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20178 MEDIUM This Month

In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Integer Overflow Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20166 MEDIUM PATCH This Month

In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20153 MEDIUM This Month

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20152 MEDIUM This Month

In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-30189 MEDIUM PATCH This Month

Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-24436 MEDIUM This Month

Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
12.1%
CVE-2022-23823 MEDIUM This Month

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Athlon X4 750 Firmware Athlon X4 760K Firmware Athlon X4 830 Firmware +139
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-20819 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-20202 MEDIUM This Month

In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-1958 MEDIUM This Month

A vulnerability classified as critical has been found in FileCloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Filecloud
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-20154 MEDIUM This Month

In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-20148 MEDIUM This Month

In TBD of TBD, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-30184 MEDIUM PATCH This Month

.NET and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Visual Studio 2022 Net Net Core Nuget +2
NVD
CVSS 3.1
5.5
EPSS
5.3%
CVE-2022-30172 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server Office Web Apps Server Sharepoint Server
NVD
CVSS 3.1
5.5
EPSS
2.4%
CVE-2022-30171 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server Office Web Apps Server Sharepoint Server
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2022-30162 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-30159 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Office Online Server Office Web Apps Server Sharepoint Server
NVD
CVSS 3.1
5.5
EPSS
2.4%
CVE-2022-30155 MEDIUM PATCH This Month

Windows Kernel Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
4.7%
CVE-2022-30148 MEDIUM PATCH This Month

Windows Desired State Configuration (DSC) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-30669 MEDIUM PATCH This Month

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Adobe Buffer Overflow Information Disclosure Illustrator
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2022-30668 MEDIUM PATCH This Month

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Adobe Buffer Overflow Information Disclosure Illustrator
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2022-30667 MEDIUM PATCH This Month

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Adobe Buffer Overflow Information Disclosure Illustrator
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2022-30666 MEDIUM PATCH This Month

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Adobe Buffer Overflow Information Disclosure Illustrator
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2022-21180 MEDIUM PATCH This Month

Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Xeon E3 1585 V5 Firmware Xeon E3 1585L V5 Firmware Xeon E3 1578L V5 Firmware +404
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-21166 MEDIUM PATCH This Month

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Fedora Sgx Dcap +4
NVD
CVSS 3.1
5.5
EPSS
5.9%
CVE-2022-28850 MEDIUM PATCH This Month

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Adobe Buffer Overflow Information Disclosure Bridge
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2022-21127 MEDIUM PATCH This Month

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Sgx Dcap Sgx Psw +2
NVD
CVSS 3.1
5.5
EPSS
5.5%
CVE-2022-21125 MEDIUM PATCH This Month

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Fedora Sgx Dcap +4
NVD
CVSS 3.1
5.5
EPSS
6.5%
CVE-2022-21123 MEDIUM PATCH This Month

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Fedora Sgx Dcap +4
NVD
CVSS 3.1
5.5
EPSS
6.3%
CVE-2022-22444 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20206 MEDIUM This Month

In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20205 MEDIUM This Month

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20200 MEDIUM This Month

In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20172 MEDIUM This Month

In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20146 MEDIUM This Month

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20143 MEDIUM This Month

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20129 MEDIUM This Month

In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-21938 MEDIUM This Month

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metasys Application And Data Server Metasys Extended Application And Data Server Metasys Open Application Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy