Skip to main content
CVE-2022-37884 HIGH This Week

A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauthenticated attacker to send specific operations which result in a Denial-of-Service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba Denial Of Service Clearpass Policy Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-37395 HIGH This Week

A Huawei device has an input verification vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Cv81 Wdm Fw Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-37972 HIGH PATCH This Week

Microsoft Endpoint Configuration Manager Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Endpoint Configuration Manager
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-38955 HIGH This Week

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Authentication Bypass Wpn824Ext Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-37259 HIGH This Week

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Steal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-3079 HIGH This Week

Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Cpx Cmxx Firmware Cpx Cec C1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-34917 HIGH PATCH This Week

A security vulnerability has been identified in Apache Kafka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Kafka
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-39958 HIGH PATCH This Week

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39957 HIGH PATCH This Week

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-37883 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-37882 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-37881 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-37880 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-37879 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-37878 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2022-38340 HIGH PATCH This Week

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Fme Server
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-35957 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Grafana Fedora
NVD GitHub
CVSS 3.1
6.6
EPSS
1.3%
CVE-2022-32880 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Information Disclosure macOS
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-33735 MEDIUM This Month

There is a password verification vulnerability in WS7200-10 11.0.2.13. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ws7200 10 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-39220 MEDIUM PATCH This Month

SFTPGo is an SFTP server written in Go. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sftpgo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34746 MEDIUM PATCH This Month

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Zyxel Information Disclosure Gs1900 8 Firmware Gs1900 8Hp Firmware Gs1900 10Hp Firmware +7
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-32883 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-32864 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-32854 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-32861 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari macOS
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-38956 MEDIUM This Month

An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Information Disclosure Wpn824Ext Firmware
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-32868 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-32795 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-32872 LOW Monitor

A logic issue was addressed with improved restrictions. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os
NVD
CVSS 3.1
2.4
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy