Skip to main content
CVE-2022-38613 MEDIUM POC This Month

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Smartvista Cardgen
NVD VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-38266 MEDIUM POC PATCH This Month

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tesseract Leptonica Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-36087 MEDIUM POC PATCH This Month

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Oauthlib Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-37299 MEDIUM POC This Month

An issue was discovered in Shirne CMS 1.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Shirne Cms
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-2905 MEDIUM POC This Month

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Authentication Bypass Buffer Overflow Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38639 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Markdown Nice
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40317 MEDIUM POC PATCH This Month

OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openkm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-2925 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Appwrite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-3147 MEDIUM This Month

Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-36873 MEDIUM This Month

Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Watch Plugin
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36872 MEDIUM This Month

Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Pay Samsung Pay Kr
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36871 MEDIUM This Month

Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Pay Samsung Pay Kr
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36870 MEDIUM This Month

Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Pay Samsung Pay Kr
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-26392 MEDIUM This Month

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Spectrum Wireless Battery Module Firmware Sigma Spectrum 35700Bax Firmware Sigma Spectrum 35700Bax2 Firmware Baxter Spectrum Iq 35700Bax3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2528 MEDIUM This Month

In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Octopus Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-38096 MEDIUM This Month

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2022-36109 MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.8%
CVE-2022-36874 MEDIUM This Month

Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Watch Plugin
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2022-39810 MEDIUM This Month

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Integrator
NVD
CVSS 3.1
6.1
EPSS
57.3%
CVE-2022-39809 MEDIUM This Month

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Integrator
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-36869 MEDIUM This Month

Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Contacts Provider
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-40133 MEDIUM This Month

A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-3169 MEDIUM This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3077 MEDIUM PATCH This Month

A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Linux Intel Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-38457 MEDIUM This Month

A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-38081 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-38064 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36875 MEDIUM This Month

Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Galaxy Watch Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36867 MEDIUM This Month

Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Editor Lite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36854 MEDIUM This Month

Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-36848 MEDIUM This Month

Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-36280 MEDIUM This Month

An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-34165 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40191 MEDIUM This Month

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Contact Form By Mega Forms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37407 MEDIUM This Month

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Gallery Photoblocks
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-26394 MEDIUM This Month

The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Spectrum Wireless Battery Module Firmware Sigma Spectrum 35700Bax Firmware Sigma Spectrum 35700Bax2 Firmware Baxter Spectrum Iq 35700Bax3 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-38067 MEDIUM This Month

Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar - Calendar plugin <= 1.4.6 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Event Calendar
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-36861 MEDIUM This Month

Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-36617 MEDIUM This Month

Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arq Backup
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-38068 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apasionados Export Post Info plugin <= 1.1.0 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Export Post Info
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-37412 MEDIUM This Month

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Galerio & Urda's Better Delete Revision plugin <= 1.6.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Better Delete Revision
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-37404 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin <= 1.0 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Add2Fav
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-37403 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Add User Role
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-37335 MEDIUM This Month

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Word Search Puzzles
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-36859 MEDIUM This Month

Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim&#39;s devices. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Smarttagplugin
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-36356 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Culture Object
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35725 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Forecast
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-35275 MEDIUM This Month

Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Advanced Order Export For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-36850 MEDIUM This Month

Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. Rated medium severity (CVSS 4.7). No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-40307 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.19.8. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy