Skip to main content
CVE-2022-1873 MEDIUM POC This Month

Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-34551 MEDIUM POC This Month

Sims v1.0 was discovered to allow path traversal when downloading attachments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Sims
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-24406 MEDIUM POC This Month

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ox App Suite
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-23101 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-34611 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Fire Reporting System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2549 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-34529 MEDIUM POC This Month

WASM3 v0.5.0 was discovered to contain a segmentation fault via the component Compile_Memory_CopyFill. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wasm3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-34612 MEDIUM POC PATCH This Month

Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Rizin
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-34550 MEDIUM POC This Month

Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Student Information Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-23099 MEDIUM POC This Month

OX App Suite through 7.10.6 allows XSS by forcing block-wise read. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS App Suite
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-34594 MEDIUM POC This Month

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Advanced School Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-1869 MEDIUM This Month

Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-1868 MEDIUM This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1867 MEDIUM This Month

Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1862 MEDIUM This Month

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-1858 MEDIUM This Month

Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36954 MEDIUM This Month

In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Netbackup
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-36911 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Openstack Heat
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-36909 MEDIUM This Month

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openshift Deployer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36908 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Openshift Deployer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-36907 MEDIUM This Month

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openshift Deployer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36906 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Openshift Deployer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-36901 MEDIUM PATCH This Month

Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Http Request
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36896 MEDIUM PATCH This Month

A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Compuware Source Code Download For Endevor Pds And Ispw
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36894 MEDIUM PATCH This Month

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Clif Performance Testing
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36888 MEDIUM PATCH This Month

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Jenkins Hashicorp Vault
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36922 MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Lucene Search
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-36880 MEDIUM This Month

The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usermin Webmin
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-35669 MEDIUM This Month

Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Buffer Overflow Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36879 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.18.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux A700S Firmware +21
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-36948 MEDIUM This Month

In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netbackup
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-33943 MEDIUM This Month

Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Bxslider Wp
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36910 MEDIUM PATCH This Month

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Lucene Search
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36905 MEDIUM This Month

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Maven Metadata
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-36902 MEDIUM This Month

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of Moded Extended Choice parameters, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Dynamic Extended Choice Parameter
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-36885 MEDIUM PATCH This Month

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Github
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-36884 MEDIUM PATCH This Month

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Git
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-1875 MEDIUM This Month

Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-1872 MEDIUM This Month

Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1871 MEDIUM This Month

Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36953 MEDIUM This Month

In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Netbackup
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-36919 MEDIUM This Month

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Coverity
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36918 MEDIUM This Month

Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Buckminster
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36917 MEDIUM This Month

A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Jenkins Google Cloud Backup
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36915 MEDIUM This Month

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Jenkins Android Signing
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36914 MEDIUM This Month

Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Files Found Trigger
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36913 MEDIUM This Month

Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openstack Heat
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36912 MEDIUM This Month

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Openstack Heat
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36904 MEDIUM This Month

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Repository Connector
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-36903 MEDIUM This Month

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Repository Connector
NVD
CVSS 3.1
4.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy