Skip to main content
CVE-2022-36197 MEDIUM POC This Month

BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Bigtree Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35867 MEDIUM This Month

This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Xhyve
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-27551 MEDIUM This Month

HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hcl Launch
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-35864 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Track It
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-34872 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-27618 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Storage Analyzer
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-27619 MEDIUM This Month

Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Synology Note Station
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-35928 MEDIUM PATCH This Month

AES Crypt is a file encryption software for multiple platforms. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aes Crypt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-27620 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Sso Server
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-31175 MEDIUM PATCH This Month

CKEditor 5 is a JavaScript rich text editor. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Ckeditor5 Html Embed Ckeditor5 Html Support Ckeditor5 Markdown Gfm
NVD GitHub
CVSS 3.1
4.7
EPSS
0.6%
CVE-2022-27484 MEDIUM This Month

A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiadc
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-23442 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36800 MEDIUM This Month

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Jira Service Management
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-27617 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Calendar
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy