Skip to main content
CVE-2022-33157 MEDIUM PATCH This Month

The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Libconnect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-33156 MEDIUM PATCH This Month

The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Integration
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-22048 MEDIUM This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-31102 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes XSS Argo Cd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35227 MEDIUM This Month

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-35225 MEDIUM This Month

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35224 MEDIUM This Month

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-35172 MEDIUM This Month

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35170 MEDIUM This Month

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32247 MEDIUM This Month

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-25303 MEDIUM PATCH This Month

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Python Whoogle Search
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-35169 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2022-22028 MEDIUM This Month

Windows Network File System Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
5.9
EPSS
2.3%
CVE-2022-30223 MEDIUM This Month

Windows Hyper-V Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
5.7
EPSS
0.8%
CVE-2022-22711 MEDIUM This Month

Windows BitLocker Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2012 +3
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2022-30213 MEDIUM This Month

Windows GDI+ Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-35171 MEDIUM This Month

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-33711 MEDIUM This Month

Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Microsoft Information Disclosure Android Usb Driver
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-33702 MEDIUM This Month

Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-33685 MEDIUM This Month

Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-30758 MEDIUM This Month

Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-34291 MEDIUM This Month

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pads Viewer
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-34290 MEDIUM This Month

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pads Viewer
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-34288 MEDIUM This Month

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pads Viewer
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-34287 MEDIUM This Month

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pads Viewer
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-34285 MEDIUM This Month

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pads Viewer
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-34283 MEDIUM This Month

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pads Viewer
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-34282 MEDIUM This Month

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pads Viewer
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-29602 MEDIUM PATCH This Month

The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 extension for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Grid Elements
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-33155 MEDIUM PATCH This Month

The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ameos Tarteaucitron
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-33154 MEDIUM PATCH This Month

The schema (aka Embedding schema.org vocabulary) extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Schema
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-31655 MEDIUM PATCH This Month

VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

VMware XSS Vrealize Log Insight
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31654 MEDIUM PATCH This Month

VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

VMware XSS Vrealize Log Insight
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31598 MEDIUM This Month

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-31597 MEDIUM This Month

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP S 4Hana Sapscore
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22682 MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology XSS Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-32248 MEDIUM This Month

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure S 4Hana
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-33911 MEDIUM This Month

An issue was discovered in Couchbase Server 7.x before 7.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-33712 MEDIUM This Month

Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Camera
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-33707 MEDIUM This Month

Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Find My Mobile
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-2366 MEDIUM This Month

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mattermost Mattermost Server
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-34464 MEDIUM PATCH This Month

A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Information Disclosure Sicam Gridedge Essential Arm Sicam Gridedge Essential Gds Arm Sicam Gridedge Essential Gds Intel +1
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2022-33671 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2022-33669 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2022-33668 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2022-33664 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2022-33660 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2022-33659 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2022-33658 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2022-33654 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
4.9
EPSS
2.1%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy