Skip to main content
CVE-2022-35155 MEDIUM POC This Month

Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bus Pass Management System
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
2.6%
CVE-2022-1959 MEDIUM POC This Month

AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Applock
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2022-40923 MEDIUM POC This Month

A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lief
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37461 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Medical Vitrea View
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-41847 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41846 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-41845 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-41844 MEDIUM POC PATCH This Month

An issue was discovered in Xpdf 4.04. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41843 MEDIUM POC This Month

An issue was discovered in Xpdf 4.04. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-41842 MEDIUM POC PATCH This Month

An issue was discovered in Xpdf 4.04. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-41841 MEDIUM POC This Month

An issue was discovered in Bento4 through 1.6.0-639. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2922 MEDIUM POC PATCH This Month

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Dotnetnuke
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2022-20662 MEDIUM This Month

A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Duo
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-20930 MEDIUM This Month

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Sd Wan Vmanage +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20855 MEDIUM This Month

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-20945 MEDIUM This Month

A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Buffer Overflow Catalyst 9800 L Firmware Catalyst 9800 40 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-20810 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-20769 MEDIUM This Month

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Cisco Denial Of Service Buffer Overflow Wireless Lan Controller Software
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-36965 MEDIUM This Month

Insufficient sanitization of inputs in QoE application input field could lead to stored and Dom based XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Solarwinds Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-32540 MEDIUM This Month

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Bosch Video Management System Videojet Decoder 7513 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-28851 MEDIUM This Month

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Experience Manager
NVD
CVSS 3.1
5.4
EPSS
36.8%
CVE-2022-21826 MEDIUM This Month

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Request Smuggling XSS Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
5.4
EPSS
45.2%
CVE-2022-20844 MEDIUM This Month

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sd Wan
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-23726 MEDIUM This Month

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Pingcentral
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-20728 MEDIUM This Month

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Aironet 1542D Firmware Aironet 1542I Firmware Aironet 1562I Firmware +23
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-41850 MEDIUM This Month

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-40316 MEDIUM PATCH This Month

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41849 MEDIUM This Month

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2022-41848 MEDIUM This Month

drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl,. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel
NVD
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy