Skip to main content
CVE-2022-30517 MEDIUM POC This Month

Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mogublog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-25875 MEDIUM POC PATCH This Month

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Svelte
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-2364 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Parking Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2293 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Sales Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2292 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hotel Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2291 MEDIUM POC This Month

A vulnerability was found in SourceCodester Hotel Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hotel Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2363 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Parking Management System
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.6%
CVE-2022-22041 MEDIUM This Month

Windows Print Spooler Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
2.3%
CVE-2022-30214 MEDIUM This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition RCE Microsoft Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.6
EPSS
1.0%
CVE-2022-30205 MEDIUM This Month

Windows Group Policy Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Microsoft Information Disclosure Windows 10 Windows 11 +8
NVD
CVSS 3.1
6.6
EPSS
1.1%
CVE-2022-22023 MEDIUM This Month

Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2022-33673 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33672 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33667 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33666 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33665 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33663 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33662 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33661 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33657 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33656 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33655 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-33643 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33641 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery Vmware To Azure
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-33637 MEDIUM This Month

Microsoft Defender for Endpoint Tampering Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Defender For Endpoint
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-30208 MEDIUM This Month

Windows Security Account Manager (SAM) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2022-30181 MEDIUM This Month

Azure Site Recovery Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Site Recovery
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-22042 MEDIUM This Month

Windows Hyper-V Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-2211 MEDIUM This Month

A vulnerability was found in libguestfs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libguestfs Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-29619 MEDIUM This Month

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-29901 MEDIUM This Month

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Intel Information Disclosure Core I7 6500U Firmware Core I7 6510U Firmware +127
NVD
CVSS 3.1
6.5
EPSS
4.9%
CVE-2022-29900 MEDIUM This Month

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Debian Linux Fedora Xen Athlon X4 750 Firmware +122
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2022-34741 MEDIUM This Month

The NFC module has a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos Magic Ui
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-34740 MEDIUM This Month

The NFC module has a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos Magic Ui
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-34467 MEDIUM PATCH This Month

A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Excel Importer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34466 MEDIUM PATCH This Month

A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mendix
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31904 MEDIUM This Month

EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mediacenter
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-33157 MEDIUM PATCH This Month

The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Libconnect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-33156 MEDIUM PATCH This Month

The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Integration
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-22048 MEDIUM This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-31102 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes XSS Argo Cd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35227 MEDIUM This Month

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-35225 MEDIUM This Month

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35224 MEDIUM This Month

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-35172 MEDIUM This Month

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35170 MEDIUM This Month

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32247 MEDIUM This Month

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-25303 MEDIUM PATCH This Month

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Python Whoogle Search
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-35169 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2022-22028 MEDIUM This Month

Windows Network File System Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
5.9
EPSS
2.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy