Skip to main content
CVE-2022-38812 MEDIUM POC This Month

AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Aerocms
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2022-2521 MEDIUM POC This Month

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-2520 MEDIUM POC This Month

A flaw was found in libtiff 4.4.0rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-2519 MEDIUM POC This Month

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libtiff Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-36203 MEDIUM POC This Month

Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Doctor S Appointment System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-37183 MEDIUM POC This Month

Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-1355 MEDIUM POC PATCH This Month

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Stack Overflow Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38153 MEDIUM POC This Month

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.1
5.9
EPSS
1.8%
CVE-2022-2153 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1354 MEDIUM POC PATCH This Month

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-1325 MEDIUM POC PATCH This Month

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cimg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1263 MEDIUM POC PATCH This Month

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-39046 MEDIUM POC This Month

An issue was discovered in the GNU C Library (glibc) 2.36. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glibc H300s Firmware H500s Firmware H700s Firmware +3
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2022-1205 MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. Rated medium severity (CVSS 4.7). Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-37023 MEDIUM PATCH This Month

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Java Geode
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-26331 MEDIUM This Month

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Arcsight Logger
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-1508 MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Linux Information Disclosure Buffer Overflow Linux Kernel
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-2758 MEDIUM This Month

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Xg5000 Xgk Cpuun Firmware Xgk Cpuhn Firmware Xgk Cpusn Firmware +231
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-2898 MEDIUM This Month

Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Scadapro Client Scadapro Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28625 MEDIUM This Month

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-1975 MEDIUM PATCH This Month

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-1841 MEDIUM PATCH This Month

In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-36046 MEDIUM PATCH This Month

Next.js is a React framework that can provide building blocks to create web applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Node.js Next Js
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-27911 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-36048 MEDIUM This Month

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zulip
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1974 MEDIUM PATCH This Month

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. Rated medium severity (CVSS 4.1). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy