Skip to main content
CVE-2022-2503 MEDIUM POC This Month

Dm-verity is used for extending root-of-trust to root filesystems. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linux Kernel
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-35953 MEDIUM POC This Month

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Bookwyrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2800 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gym Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-35590 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-35589 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-35587 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-35585 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fork Cms
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2022-20313 MEDIUM This Month

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-20269 MEDIUM This Month

In Bluetooth, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-28634 MEDIUM This Month

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-28626 MEDIUM This Month

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Integrated Lights Out 5 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20314 MEDIUM This Month

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20306 MEDIUM This Month

In Camera Provider HAL, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Privilege Escalation Memory Corruption Buffer Overflow +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-38183 MEDIUM PATCH This Month

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitea
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-2622 MEDIUM This Month

Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2618 MEDIUM This Month

Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2616 MEDIUM This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-2615 MEDIUM This Month

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2612 MEDIUM This Month

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2610 MEDIUM This Month

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2605 MEDIUM This Month

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-20334 MEDIUM This Month

In Bluetooth, there are possible process crashes due to dereferencing a null pointer. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-20333 MEDIUM This Month

In Bluetooth, there is a possible crash due to a missing null check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-20273 MEDIUM This Month

In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-20253 MEDIUM This Month

In Bluetooth, there is a possible cleanup failure due to an uncaught exception. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-38180 MEDIUM PATCH This Month

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ktor
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-20256 MEDIUM This Month

In the Audio HAL, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-37044 MEDIUM PATCH This Month

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38179 MEDIUM PATCH This Month

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ktor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37043 MEDIUM PATCH This Month

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Collaboration
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2022-20341 MEDIUM This Month

In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20332 MEDIUM This Month

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20326 MEDIUM This Month

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20324 MEDIUM This Month

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20323 MEDIUM This Month

In PackageManager, there is a possible package installation disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20322 MEDIUM This Month

In PackageManager, there is a possible installed package disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20317 MEDIUM This Month

In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20312 MEDIUM This Month

In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20304 MEDIUM This Month

In Content, there is a possible way to determinate the user's account due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20303 MEDIUM This Month

In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20301 MEDIUM This Month

In Content, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20300 MEDIUM This Month

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20299 MEDIUM This Month

In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20298 MEDIUM This Month

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20296 MEDIUM This Month

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20295 MEDIUM This Month

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20294 MEDIUM This Month

In Content, there is a possible way to learn about an account present on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20293 MEDIUM This Month

In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20291 MEDIUM This Month

In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20290 MEDIUM This Month

In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy