Skip to main content
CVE-2022-39222 MEDIUM POC PATCH This Month

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dex
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-3002 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39988 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-3376 MEDIUM POC PATCH This Month

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Rdiffweb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-39284 MEDIUM POC PATCH This Month

CodeIgniter is a PHP full-stack web framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-2975 MEDIUM This Month

A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Aura Application Enablement Services
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-41294 MEDIUM This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-40160 MEDIUM This Month

** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Stack Overflow Buffer Overflow Commons Jxpath
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-40159 MEDIUM This Month

** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Stack Overflow Buffer Overflow Commons Jxpath
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-26240 MEDIUM This Month

The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Remisol Advance
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-38709 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-22503 MEDIUM This Month

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Robotic Process Automation Robotic Process Automation As A Service
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-26238 MEDIUM This Month

The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Remisol Advance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26236 MEDIUM This Month

The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Remisol Advance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26239 MEDIUM This Month

The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows unprivileged users to overwrite and manipulate executables and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Remisol Advance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-26237 MEDIUM This Month

The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Remisol Advance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39279 MEDIUM PATCH This Month

discourse-chat is a plugin for the Discourse message board which adds chat functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39270 MEDIUM PATCH This Month

DiscoTOC is a Discourse theme component that generates a table of contents for topics. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discotoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36774 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-2783 MEDIUM This Month

In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Octopus Server
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-2781 MEDIUM This Month

In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-31252 MEDIUM This Month

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Leap Leap Micro Linux Enterprise Server
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-39275 MEDIUM PATCH This Month

Saleor is a headless, GraphQL commerce platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Saleor
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy