Skip to main content
CVE-2022-3349 MEDIUM POC This Month

A vulnerability was found in Sony PS4 and PS5. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Playstation 4 Firmware Playstation 5 Firmware
NVD VulDB
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-31629 MEDIUM POC THREAT This Month

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
49.3%
CVE-2022-40912 MEDIUM POC This Month

ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Etap Safety Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3333 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zephyr Project Manager
NVD VulDB WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-3348 MEDIUM POC PATCH This Month

Just like in the previous report, an attacker could steal the account of different users. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tooljet
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-3292 MEDIUM POC PATCH This Month

Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rdiffweb
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2022-32170 MEDIUM POC This Month

The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bytebase
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-32169 MEDIUM POC This Month

The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bytebase
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3287 MEDIUM PATCH This Month

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fwupd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-36771 MEDIUM PATCH This Month

IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Qradar User Behavior Analytics
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-35282 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

SSRF Information Disclosure IBM Websphere Application Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-39034 MEDIUM This Month

Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Smart Evision
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-39029 MEDIUM This Month

Smart eVision has inadequate authorization for the database query function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Smart Evision
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3193 MEDIUM This Month

An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Ovirt Engine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-28816 MEDIUM This Month

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy is prone to reflected XSS which only affects the Sentilo service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpy Car Park Server Uwp 3 0 Monitoring Gateway And Controller Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-32166 MEDIUM PATCH This Month

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Open Vswitch Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-39054 MEDIUM This Month

Cowell enterprise travel management system has insufficient filtering for special characters within web URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cowell Enterprise Travel Management System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39053 MEDIUM This Month

Heimavista Rpage has insufficient filtering for platform web URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dark Horse Rpage
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39035 MEDIUM This Month

Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smart Evision
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39264 MEDIUM PATCH This Month

nheko is a desktop client for the Matrix communication application. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Nheko Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-38699 MEDIUM This Month

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Armoury Crate Service
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-31628 MEDIUM This Month

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service PHP Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-35722 MEDIUM PATCH This Month

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz For Service Management
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-22387 MEDIUM PATCH This Month

IBM Application Gateway is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39246 MEDIUM PATCH This Month

matrix-android-sdk2 is the Matrix SDK for Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Authentication Bypass Software Development Kit
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-36781 MEDIUM This Month

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Screenconnect
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-23716 MEDIUM This Month

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-39236 MEDIUM PATCH This Month

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Javascript Sdk
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-39031 MEDIUM This Month

Smart eVision has insufficient authorization for task acquisition function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Evision
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-29089 MEDIUM This Month

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Smartfabric Os10
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-2760 MEDIUM PATCH This Month

In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Octopus Server
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy