Skip to main content
CVE-2022-35286 HIGH PATCH This Week

IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Security Verify Information Queue
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-33745 HIGH PATCH This Week

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-1498 MEDIUM POC This Month

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-1495 MEDIUM POC This Month

Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-1488 MEDIUM POC This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-22686 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Synology Calendar
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2022-29957 HIGH This Week

The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Deltav Distributed Control System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2225 HIGH PATCH This Week

By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Warp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30276 HIGH This Week

The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moscad Ip Gateway Firmware Ace Ip Gateway 4600 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31205 HIGH This Week

In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware Sysmac Cp1E Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-31204 HIGH This Week

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sysmac Cs1 Firmware Sysmac Cj2M Firmware Sysmac Cj2H Firmware Sysmac Cp1E Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-30275 HIGH This Week

The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mdlc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-35639 HIGH PATCH This Week

IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Partner Engagement Manager Sterling Partner Engagement Manager On Cloud
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33977 HIGH PATCH This Week

untangle is a python library to convert XML data to python objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Untangle
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-31471 HIGH PATCH This Week

untangle is a python library to convert XML data to python objects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Python Untangle
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-30272 HIGH This Week

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ace1000 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2022-1648 HIGH This Week

Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal PHP Pandora Fms
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-1671 HIGH PATCH This Week

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Null Pointer Dereference Denial Of Service Linux Kernel H300s Firmware +4
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-1651 HIGH PATCH This Week

A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-1500 MEDIUM This Month

Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-30706 MEDIUM This Month

Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Booked
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-29965 MEDIUM This Month

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Deltav Distributed Control System Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware +21
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29964 MEDIUM This Month

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware Se4003S2B4 16 Pin Mass I O Terminal Block Firmware +20
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29963 MEDIUM This Month

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware Se4003S2B4 16 Pin Mass I O Terminal Block Firmware +20
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29962 MEDIUM This Month

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Deltav Distributed Control System Sq Controller Firmware Deltav Distributed Control System Sx Controller Firmware Se4002S1T2B6 High Side 40 Pin Mass I O Terminal Block Firmware Se4003S2B4 16 Pin Mass I O Terminal Block Firmware +20
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29960 MEDIUM This Month

Emerson OpenBSI through 2022-04-29 uses weak cryptography. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openbsi
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-27105 MEDIUM This Month

InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Inmailx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-22412 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-1637 MEDIUM This Month

Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy