Skip to main content
CVE-2022-32065 MEDIUM POC PATCH This Month

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS File Upload Ruoyi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-32274 MEDIUM POC This Month

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian The Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34754 MEDIUM PATCH This Month

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Acti9 Powertag Link C A9Xelc10 A Firmware Acti9 Powertag Link C A9Xelc10 B Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-31145 MEDIUM PATCH This Month

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Flyteadmin
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-20228 MEDIUM PATCH This Month

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Google Use After Free Information Disclosure +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-20221 MEDIUM PATCH This Month

In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-20217 MEDIUM This Month

There is a unauthorized broadcast in the SprdContactsProvider. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-32308 MEDIUM PATCH This Month

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Ublock Origin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32074 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Osticket
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.4%
CVE-2022-2380 MEDIUM PATCH This Month

The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20230 MEDIUM PATCH This Month

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20227 MEDIUM PATCH This Month

In USB driver, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20225 MEDIUM PATCH This Month

In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20219 MEDIUM This Month

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Java Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-34358 MEDIUM PATCH This Month

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-34765 MEDIUM PATCH This Month

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opc Ua Module For M580 Firmware X80 Advanced Rtu Module Firmware
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-34757 MEDIUM PATCH This Month

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Easergy P5 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-34758 MEDIUM PATCH This Month

A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Easergy P5 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy