Skip to main content
CVE-2022-26308 MEDIUM This Month

Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pandora Fms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-32750 MEDIUM PATCH This Month

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Datapower Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31774 MEDIUM PATCH This Month

IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Datapower Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-35917 MEDIUM PATCH This Month

Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pay
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-35916 MEDIUM PATCH This Month

OpenZeppelin Contracts is a library for secure smart contract development. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Contracts Contracts Upgradeable
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-35915 MEDIUM PATCH This Month

OpenZeppelin Contracts is a library for secure smart contract development. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Contracts Contracts Upgradeable Openzeppelin Eth Openzeppelin Solidity
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-31189 MEDIUM PATCH This Month

DSpace open source software is a repository application which provides durable access to digital resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dspace
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-31190 MEDIUM PATCH This Month

DSpace open source software is a repository application which provides durable access to digital resources. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Dspace
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-31185 MEDIUM PATCH This Month

mprweb is a hosting platform for the makedeb Package Repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mprweb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-31182 MEDIUM PATCH This Month

Discourse is the an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nginx Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-26436 MEDIUM This Month

In emi mpu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21791 MEDIUM This Month

In camera isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-21790 MEDIUM This Month

In camera isp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-35921 MEDIUM PATCH This Month

fof/byobu is a private discussions extension for Flarum forum. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Byobu
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31178 MEDIUM This Month

eLabFTW is an electronic lab notebook manager for research teams. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31155 MEDIUM PATCH This Month

Sourcegraph is an opensource code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sourcegraph
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31154 MEDIUM PATCH This Month

Sourcegraph is an opensource code search and navigation engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Sourcegraph
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-34307 MEDIUM PATCH This Month

IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1561 MEDIUM This Month

Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Krakend Lura
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-22334 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31186 LOW PATCH Monitor

NextAuth.js is a complete open source authentication solution for Next.js applications. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nextauth Js
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-22326 LOW PATCH Monitor

IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Datapower Gateway Mq Appliance M2002 Firmware Mq Appliance M2001 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-31177 LOW PATCH Monitor

Flask-AppBuilder is an application development framework built on top of Flask python framework. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Python Flask Appbuilder
NVD GitHub
CVSS 3.1
2.7
EPSS
0.6%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy