Skip to main content
CVE-2022-31159 MEDIUM POC PATCH This Month

The AWS SDK for Java enables Java developers to work with Amazon Web Services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Aws Sdk Java
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-31153 MEDIUM POC PATCH This Month

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Contracts
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-25869 MEDIUM POC This Month

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Angularjs
NVD
CVSS 3.1
6.1
EPSS
6.8%
CVE-2022-32118 MEDIUM POC This Month

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Erp Pro
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-30242 MEDIUM This Month

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Honeywell Information Disclosure Alerton Ascent Control Module Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
1.2%
CVE-2022-30245 MEDIUM This Month

Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Information Disclosure Alerton Compass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-35305 MEDIUM PATCH This Month

Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gollum
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-23201 MEDIUM PATCH This Month

Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Adobe Robohelp
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-29890 MEDIUM This Month

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Octopus Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-34826 MEDIUM This Month

In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-34252 MEDIUM This Month

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Incopy
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-34248 MEDIUM This Month

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-34244 MEDIUM This Month

Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe Information Disclosure Photoshop
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-34239 MEDIUM This Month

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.9%
CVE-2022-34237 MEDIUM This Month

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Adobe Acrobat Dc +3
NVD
CVSS 3.1
5.5
EPSS
3.0%
CVE-2022-34236 MEDIUM This Month

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
3.0%
CVE-2022-34234 MEDIUM This Month

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Adobe Acrobat Dc +3
NVD
CVSS 3.1
5.5
EPSS
3.1%
CVE-2022-34233 MEDIUM This Month

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Adobe Acrobat Dc +3
NVD
CVSS 3.1
5.5
EPSS
4.2%
CVE-2022-34232 MEDIUM This Month

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Adobe Acrobat Dc +3
NVD
CVSS 3.1
5.5
EPSS
3.1%
CVE-2022-1881 MEDIUM This Month

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Octopus Server
NVD
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy