Skip to main content
CVE-2022-37416 MEDIUM POC This Month

Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libmpeg2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2685 MEDIUM POC This Month

A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Interview Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-2681 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Student Admission System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-37450 MEDIUM POC This Month

Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Go Ethereum
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2022-2684 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Apartment Visitors Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2683 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Food Ordering System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2682 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Alphaware Simple E Commerce System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35936 MEDIUM POC PATCH This Month

Ethermint is an Ethereum library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ethermint Kava Cronos Evmos
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-35163 MEDIUM POC This Month

Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Complete Online Job Search System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-35162 MEDIUM POC This Month

Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Complete Online Job Search System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-33730 MEDIUM This Month

Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung RCE Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-2675 MEDIUM This Month

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Go 1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-36284 MEDIUM This Month

Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Affiliate For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2512 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-2497 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2022-33727 MEDIUM This Month

A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Android
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2022-33723 MEDIUM This Month

A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Android
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2022-31663 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS VMware Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-37431 MEDIUM This Month

A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dotcms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-31618 MEDIUM PATCH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Nvidia Null Pointer Dereference Denial Of Service Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-29071 MEDIUM This Month

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cloudvision Portal
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36839 MEDIUM This Month

SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung SQLi Checkout
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36837 MEDIUM This Month

Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Email
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36836 MEDIUM This Month

Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Charm Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36831 MEDIUM This Month

Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Notes
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36830 MEDIUM This Month

PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36829 MEDIUM This Month

PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34769 MEDIUM This Month

Michlol - rashim web interface Insecure direct object references (IDOR). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Command Injection Michlol
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-33734 MEDIUM This Month

Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33721 MEDIUM This Month

A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-33715 MEDIUM This Month

Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-2500 MEDIUM This Month

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-36296 MEDIUM This Month

Broken Authentication vulnerability in JumpDEMAND Inc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Activedemand
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2539 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2534 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-2531 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Grafana Path Traversal
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-36834 MEDIUM This Month

Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Game Launcher
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2022-36838 MEDIUM This Month

Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Wearable
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-2417 MEDIUM This Month

Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.5
EPSS
0.6%
CVE-2020-1754 MEDIUM PATCH This Month

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-33717 MEDIUM This Month

A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-33716 MEDIUM This Month

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-28880 MEDIUM This Month

A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Elements Endpoint Detection And Response Elements Endpoint Protection Atlant Cloud Protection For Salesforce +4
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-2499 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-2303 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-2095 MEDIUM This Month

An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy