Skip to main content
CVE-2022-40635 HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-40634 HIGH PATCH This Week

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-3182 HIGH This Week

Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-34725 HIGH This Week

Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Race Condition Information Disclosure Windows 10 Windows 11 +8
NVD
CVSS 3.1
7.0
EPSS
5.4%
CVE-2022-26928 HIGH This Week

Windows Photo Import API Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Race Condition Information Disclosure Windows 10 Windows 11 +3
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2022-36385 MEDIUM This Month

A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cms8000 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-31324 MEDIUM This Month

An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wapples
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-39816 MEDIUM This Month

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nokia 1350 Optical Management System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-35637 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft IBM Denial Of Service Db2
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-22483 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Microsoft Information Disclosure Authentication Bypass +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-38342 MEDIUM This Month

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Fme Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-38006 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-37959 MEDIUM This Month

Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-35837 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2022-39202 MEDIUM PATCH This Month

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Node.js Privilege Escalation Matrix Irc Bridge
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2022-39814 MEDIUM This Month

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Open Redirect 1350 Optical Management System
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-3205 MEDIUM This Month

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat XSS Ansible Automation Platform
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-36108 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-36020 MEDIUM PATCH This Month

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Html Sanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-39799 MEDIUM This Month

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-35298 MEDIUM This Month

SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38069 MEDIUM This Month

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cms8000 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-3027 MEDIUM This Month

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cms8000 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2022-20399 MEDIUM PATCH This Month

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20396 MEDIUM PATCH This Month

In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20393 MEDIUM PATCH This Month

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-35832 MEDIUM This Month

Windows Event Tracing Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-35831 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Buffer Overflow Windows 10 Windows 11 +6
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-34728 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
3.7%
CVE-2022-34723 MEDIUM This Month

Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 11
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-1602 MEDIUM This Month

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Thinpro
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-37302 MEDIUM PATCH This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Ecostruxure Control Expert
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-34336 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36107 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-36106 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass PHP Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-35294 MEDIUM This Month

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36778 MEDIUM This Month

insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eharmony
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38770 MEDIUM This Month

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mojodat Fixed Asset Management
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-22330 MEDIUM This Month

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Control Desk
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-36105 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-39014 MEDIUM This Month

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-39158 MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ruggedcom Ros
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-32244 MEDIUM This Month

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
5.2
EPSS
0.5%
CVE-2022-38453 MEDIUM This Month

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cms8000 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-22329 MEDIUM This Month

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Control Desk
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-37703 LOW Monitor

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Amanda
NVD GitHub
CVSS 3.1
3.3
EPSS
0.7%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy