Skip to main content
CVE-2022-28220 HIGH PATCH This Week

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Apache Command Injection James
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25897 HIGH PATCH This Week

The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Milo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36093 HIGH PATCH This Week

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2022-38399 MEDIUM This Month

Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Cs Qr20 Firmware Cs Qr10 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-36736 MEDIUM This Month

Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to perform a clickjacking attack via a crafted HTTP request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jitsi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-37146 MEDIUM This Month

The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Plextrac
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-38256 MEDIUM This Month

TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tastyigniter
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-20863 MEDIUM This Month

A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Teams
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-36095 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-22314 LOW PATCH Monitor

IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure IBM Planning Analytics Workspace
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy