Skip to main content
CVE-2022-2953 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libtiff Ontap Select Deploy Administration Utility Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-1204 MEDIUM POC PATCH This Month

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1198 MEDIUM POC PATCH This Month

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1115 MEDIUM POC PATCH This Month

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-1016 MEDIUM POC This Month

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0852 MEDIUM POC PATCH This Month

There is a flaw in convert2rhel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Red Hat Convert2Rhel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0851 MEDIUM POC This Month

There is a flaw in convert2rhel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Convert2Rhel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0496 MEDIUM POC PATCH This Month

A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Openscad
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35020 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35019 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35018 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35017 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35016 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35015 MEDIUM POC This Month

Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-35014 MEDIUM POC This Month

Advancecomp v2.3 contains a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Advancecomp Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-36194 MEDIUM POC This Month

Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-2373 MEDIUM POC This Month

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Simply Schedule Appointments
NVD WPScan
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-2034 MEDIUM POC This Month

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Sensei Lms
NVD WPScan
CVSS 3.1
5.3
EPSS
1.9%
CVE-2022-0718 MEDIUM POC PATCH This Month

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Oslo Utils Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-38625 HIGH This Week

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Nbm D88N Firmware Nhl 3Fb1 Firmware Nhl 3Fv1N Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-38772 HIGH This Week

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Netflow Analyzer Manageengine Network Configuration Manager Manageengine Opmanager +3
NVD
CVSS 3.1
8.8
EPSS
77.6%
CVE-2022-3035 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-2374 MEDIUM POC This Month

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simply Schedule Appointments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0485 MEDIUM POC PATCH This Month

A flaw was found in the copying tool `nbdcopy` of libnbd. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libnbd Enterprise Linux
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-0336 HIGH PATCH This Week

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Samba Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-37059 MEDIUM POC This Month

Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Subrion Cms
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-1117 HIGH PATCH This Week

A vulnerability was found in fapolicyd. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Path Traversal Fapolicyd
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2022-2267 MEDIUM POC This Month

The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Mailchimp For Woocommerce
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-2080 MEDIUM POC This Month

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Sensei Lms
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-0358 HIGH PATCH This Week

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Qemu Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37681 HIGH This Week

Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Hc Ip9100Hd Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-37680 HIGH This Week

An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hc Ip9100Hd Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-36034 HIGH PATCH This Week

nitrado.js is a type safe wrapper for the Nitrado API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nitrado Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-27558 HIGH This Week

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Domino Hcl Inotes
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-1199 HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-0934 HIGH PATCH This Week

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Dnsmasq Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-0400 HIGH This Week

An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Buffer Overflow Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-27547 HIGH This Week

HCL iNotes is susceptible to a link to non-existent domain vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Hcl Inotes Domino
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-2961 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +6
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-2556 LOW POC Monitor

The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Mailchimp For Woocommerce
NVD WPScan
CVSS 3.1
2.7
EPSS
0.6%
CVE-2022-0669 MEDIUM PATCH This Month

A flaw was found in dpdk. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Data Plane Development Kit Openvswitch Openshift Container Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-27546 MEDIUM This Month

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Inotes Domino
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35962 MEDIUM This Month

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Zulip
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2022-1184 MEDIUM PATCH This Month

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0480 MEDIUM PATCH This Month

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25641 MEDIUM This Month

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pdf Editor Pdf Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36037 MEDIUM PATCH This Month

kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kirby
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-31677 MEDIUM PATCH This Month

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Pinniped
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-0812 MEDIUM PATCH This Month

An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.3
EPSS
1.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy