Skip to main content
CVE-2022-32209 MEDIUM POC PATCH THREAT This Month

# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
29.3%
CVE-2022-32990 MEDIUM POC This Month

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gimp
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-33910 MEDIUM POC PATCH This Month

An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mantisbt
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-29330 MEDIUM POC This Month

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vitalpbx
NVD VulDB
CVSS 3.1
4.9
EPSS
0.9%
CVE-2022-33122 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1745 MEDIUM This Month

The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1744 MEDIUM This Month

Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1743 MEDIUM This Month

The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-1742 MEDIUM This Month

The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1741 MEDIUM This Month

The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1739 MEDIUM This Month

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Imagecast X
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2022-22389 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft SQLi Db2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-2121 MEDIUM This Month

OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Dcmtk
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1666 MEDIUM This Month

The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-32141 MEDIUM This Month

Multiple CODESYS Products are prone to a buffer over read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-32140 MEDIUM This Month

Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-32139 MEDIUM This Month

In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-32136 MEDIUM This Month

In multiple CODESYS products, a low privileged remote attacker may craft a request that cause a read access to an uninitialized pointer, resulting in a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Plcwinnt Runtime Toolkit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-30120 MEDIUM PATCH This Month

XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30119 MEDIUM This Month

XSS in /dashboard/reports/logs/view - old browsers only. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30118 MEDIUM This Month

Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-30028 MEDIUM This Month

Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Dradis
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-1524 MEDIUM This Month

LRM version 2.4 and lower does not implement TLS encryption. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Local Run Manager
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-29096 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dell Information Disclosure Wyse Management Suite
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-27238 MEDIUM This Month

BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bigbluebutton
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22502 MEDIUM This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-29578 MEDIUM This Month

Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Meridian
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-31803 MEDIUM This Month

In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gateway
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-29097 MEDIUM This Month

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Wyse Management Suite
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2022-33953 MEDIUM This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-1747 MEDIUM This Month

The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imagecast X
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-1740 MEDIUM This Month

The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imagecast X
NVD
CVSS 3.1
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy