Skip to main content
CVE-2022-36522 MEDIUM POC This Month

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-36548 MEDIUM POC This Month

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0225 MEDIUM POC This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Keycloak Single Sign On
NVD GitHub
CVSS 3.1
5.4
EPSS
2.7%
CVE-2022-37150 MEDIUM POC This Month

An issue was discovered in Online Diagnostic Lab Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Diagnostic Lab Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0216 MEDIUM POC PATCH This Month

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Qemu Fedora
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-34303 MEDIUM This Month

A flaw was found in Eurosoft bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Uefi Bootloader Enterprise Linux Windows 10 Windows 11 +6
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2022-34302 MEDIUM This Month

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Uefi Bootloader Enterprise Linux Windows 10 Windows 11 +6
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2022-34301 MEDIUM This Month

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cryptopro Securedisk For Bitlocker Enterprise Linux Windows 10 Windows 11 +6
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2022-36542 MEDIUM This Month

An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36547 MEDIUM This Month

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Edoc Doctor Appointment System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-0175 MEDIUM PATCH This Month

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Virglrenderer Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0171 MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Amd Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38533 MEDIUM PATCH This Month

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Binutils Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35714 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36121 MEDIUM PATCH This Month

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Blue Prism Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-0207 MEDIUM PATCH This Month

A race condition was found in vdsm. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Vdsm Virtualization Virtualization For Ibm Power Little Endian +1
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-0168 MEDIUM PATCH This Month

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Enterprise Linux
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy