Skip to main content
CVE-2022-31109 MEDIUM PATCH This Month

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Laminas Diactoros
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-34163 MEDIUM PATCH This Month

IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-34162 MEDIUM This Month

IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-34164 MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34530 MEDIUM This Month

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Backdrop Cms
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-31148 MEDIUM PATCH This Month

Shopware is an open source e-commerce software. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shopware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-31128 MEDIUM PATCH This Month

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36343 MEDIUM This Month

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Enable Svg Webp Ico Upload
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-36302 MEDIUM This Month

File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bf Os
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-26308 MEDIUM This Month

Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pandora Fms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-32750 MEDIUM PATCH This Month

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Datapower Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31774 MEDIUM PATCH This Month

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Datapower Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35917 MEDIUM PATCH This Month

Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pay
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-35916 MEDIUM PATCH This Month

OpenZeppelin Contracts is a library for secure smart contract development. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Contracts Contracts Upgradeable
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-35915 MEDIUM PATCH This Month

OpenZeppelin Contracts is a library for secure smart contract development. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Contracts Contracts Upgradeable Openzeppelin Eth Openzeppelin Solidity
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-31189 MEDIUM PATCH This Month

DSpace open source software is a repository application which provides durable access to digital resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dspace
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-31190 MEDIUM PATCH This Month

DSpace open source software is a repository application which provides durable access to digital resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Dspace
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-31185 MEDIUM PATCH This Month

mprweb is a hosting platform for the makedeb Package Repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mprweb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-31182 MEDIUM PATCH This Month

Discourse is the an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nginx Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-26436 MEDIUM This Month

In emi mpu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21791 MEDIUM This Month

In camera isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21790 MEDIUM This Month

In camera isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-35921 MEDIUM PATCH This Month

fof/byobu is a private discussions extension for Flarum forum. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Byobu
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31178 MEDIUM This Month

eLabFTW is an electronic lab notebook manager for research teams. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31155 MEDIUM PATCH This Month

Sourcegraph is an opensource code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sourcegraph
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31154 MEDIUM PATCH This Month

Sourcegraph is an opensource code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sourcegraph
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-34307 MEDIUM PATCH This Month

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1561 MEDIUM This Month

Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Krakend Lura
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-22334 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy