Skip to main content
CVE-2022-2653 MEDIUM POC PATCH This Month

With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Planka
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2646 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Admission System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2652 MEDIUM POC PATCH This Month

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service V4L2Loopback
NVD GitHub
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-35144 MEDIUM POC PATCH This Month

Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Raneto
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-33962 MEDIUM This Month

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-35241 MEDIUM This Month

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Denial Of Service Nginx Instance Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-34851 MEDIUM This Month

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-33947 MEDIUM This Month

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Deserialization Big Ip Domain Name System
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-30535 MEDIUM This Month

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Information Disclosure Nginx Ingress Controller
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-28731 MEDIUM PATCH This Month

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache CSRF Jspwiki
NVD
CVSS 3.1
6.5
EPSS
56.3%
CVE-2022-2645 MEDIUM This Month

A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Garage Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-28732 MEDIUM PATCH This Month

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Jspwiki
NVD
CVSS 3.1
6.1
EPSS
81.9%
CVE-2022-28730 MEDIUM PATCH This Month

A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Jspwiki
NVD
CVSS 3.1
6.1
EPSS
85.3%
CVE-2022-27166 MEDIUM PATCH This Month

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Jspwiki
NVD
CVSS 3.1
6.1
EPSS
85.3%
CVE-2022-35272 MEDIUM This Month

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-31118 MEDIUM PATCH This Month

Nextcloud server is an open source personal cloud solution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Nextcloud PHP Denial Of Service Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-33968 MEDIUM This Month

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-31119 MEDIUM PATCH This Month

Nextcloud Mail is an email application for the nextcloud personal cloud product. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Mail
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy