Skip to main content
CVE-2022-32849 MEDIUM This Month

An information disclosure issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-32848 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32841 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Ipados Iphone Os +3
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32828 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-32825 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-32823 MEDIUM This Month

A memory initialization issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Mac Os X +3
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-32818 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-32817 MEDIUM This Month

An out-of-bounds read issue was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Buffer Overflow Ipados Iphone Os +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-32805 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-32800 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-32789 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-32786 MEDIUM This Month

An issue in the handling of environment variables was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2022-32785 MEDIUM This Month

A null pointer dereference was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Apple Denial Of Service Ipados Iphone Os +2
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-32783 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-28886 MEDIUM This Month

A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cloud Protection For Salesforce Collaboration Protection Elements Endpoint Protection Internet Gatekeeper +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-26707 MEDIUM This Month

An issue in the handling of environment variables was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-22423 MEDIUM PATCH This Month

IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Common Cryptographic Architecture
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38079 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress CSRF Backup Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-38439 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38438 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Adobe Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-40748 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-35721 MEDIUM PATCH This Month

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-40215 MEDIUM This Month

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in Tabs plugin <= 3.7.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Tabs
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38460 MEDIUM This Month

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NOTICE BOARD plugin <= 1.1 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Notice Board
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37328 MEDIUM This Month

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Timeline Awesome
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36791 MEDIUM This Month

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Torro Forms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-40213 MEDIUM This Month

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Gs Testimonial Slider
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-37339 MEDIUM This Month

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Meet My Team
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-37338 MEDIUM This Month

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Blossom Recipe Maker
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-37330 MEDIUM This Month

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA Crossword plugin <= 1.1.10 at WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wha Crossword
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2937 MEDIUM PATCH This Month

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Image Hover Effects Ultimate
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39239 MEDIUM PATCH This Month

netlify-ipx is an on-Demand image optimization for Netlify using ipx. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netlify Ipx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36340 MEDIUM This Month

Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Mailoptin
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-35238 MEDIUM This Month

Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Awesome Filterable Portfolio
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-40979 MEDIUM This Month

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-40672 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Cpo Shortcodes
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-40195 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1.0.3 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Loqate
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-37342 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability Add Shortcodes Actions And Filters plugin <= 2.0.9 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Add Shortcodes Actions And Filters
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-38703 MEDIUM This Month

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Maxbuttons
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-3144 MEDIUM PATCH This Month

The Wordfence Security - Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wordfence Security Wordfence
NVD VulDB
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-32782 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-32781 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os Mac Os X +1
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2022-40132 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Seriously Simple Podcasting
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-38704 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Seo Redirection
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-40671 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post - WP Rating System plugin <= 3.3.4 at WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Rate My Post Wp Rating System
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-38095 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Advanced Dynamic Pricing For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-39231 LOW PATCH Monitor

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Node.js Parse Server
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2022-40310 LOW Monitor

Authenticated (subscriber+) Race Condition vulnerability in Rate my Post - WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition WordPress Information Disclosure Rate My Post Wp Rating System
NVD
CVSS 3.1
3.1
EPSS
0.4%
CVE-2022-39225 LOW PATCH Monitor

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Node.js Parse Server
NVD GitHub
CVSS 3.1
3.1
EPSS
0.4%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy