Skip to main content
CVE-2022-36661 MEDIUM POC This Month

xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xhyve
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-36659 MEDIUM POC This Month

xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_write(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xhyve
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31167 MEDIUM POC PATCH This Month

XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31251 MEDIUM POC This Month

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Privilege Escalation Factory
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-37731 MEDIUM POC This Month

ftcms 2.1 poster.PHP has a XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ftcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36083 MEDIUM POC PATCH This Month

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Node.js Jose
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-30312 MEDIUM This Month

The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Trend Iq412 Firmware Trend Iq411 Firmware Trend Iq422 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-38254 MEDIUM This Month

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-38249 MEDIUM This Month

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-38248 MEDIUM This Month

Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2022-36080 MEDIUM PATCH This Month

Wikmd is a file based wiki that uses markdown. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wikmd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-36088 MEDIUM PATCH This Month

GoCD is a continuous delivery server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Gocd
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36082 MEDIUM PATCH This Month

mangadex-downloader is a command-line tool to download manga from MangaDex. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mangadex Downloader
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-21950 MEDIUM This Month

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Canna
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-38251 MEDIUM This Month

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
4.8
EPSS
1.7%
CVE-2022-38247 MEDIUM This Month

Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
4.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy