Skip to main content
CVE-2022-36861 MEDIUM This Month

Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-36617 MEDIUM This Month

Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arq Backup
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-38068 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Export Post Info
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-37412 MEDIUM This Month

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Galerio & Urda's Better Delete Revision plugin <= 1.6.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Better Delete Revision
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-37404 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin <= 1.0 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Add2Fav
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-37403 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Add User Role
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-37335 MEDIUM This Month

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Word Search Puzzles
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-36859 MEDIUM This Month

Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim&#39;s devices. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Smarttagplugin
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-36356 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Culture Object
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35725 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Forecast
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35275 MEDIUM This Month

Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Advanced Order Export For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-36850 MEDIUM This Month

Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. Rated medium severity (CVSS 4.7). No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-40307 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.19.8. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-36851 MEDIUM This Month

Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Pass
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2022-38058 MEDIUM This Month

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Wp Shamsi
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-26390 MEDIUM This Month

The Baxter Spectrum Wireless Battery Module (WBM) stores network credentials and PHI (only applicable to Spectrum IQ pumps using auto programming) in unencrypted form. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Spectrum Wireless Battery Module Firmware Sigma Spectrum 35700Bax Firmware Sigma Spectrum 35700Bax2 Firmware Baxter Spectrum Iq 35700Bax3 Firmware
NVD
CVSS 3.1
4.2
EPSS
0.4%
CVE-2022-38701 LOW Monitor

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Openharmony
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-36878 LOW Monitor

Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Find My Mobile
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-36877 LOW Monitor

Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Samsung Members
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-36866 LOW Monitor

Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Group Sharing
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-36865 LOW Monitor

Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Group Sharing
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-36856 LOW Monitor

Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-36852 LOW Monitor

Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-36422 LOW Monitor

Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition WordPress Information Disclosure Wp Postratings
NVD
CVSS 3.1
3.1
EPSS
0.4%
CVE-2022-36876 LOW Monitor

Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Pass
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2022-36857 LOW Monitor

Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android Photo Editor
NVD
CVSS 3.1
2.4
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy