Skip to main content
CVE-2022-39290 MEDIUM POC PATCH This Month

ZoneMinder is a free, open source Closed-circuit television software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass CSRF Zoneminder
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
5.4%
CVE-2022-3423 MEDIUM POC PATCH This Month

Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nocodb
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-41442 MEDIUM POC PATCH This Month

PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS) vulnerability via the setStorageParams function in SettingController.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Picuploader
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-39291 MEDIUM POC PATCH This Month

ZoneMinder is a free, open source Closed-circuit television software application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection PHP Zoneminder
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
5.1%
CVE-2022-39285 MEDIUM POC PATCH This Month

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Zoneminder
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.7%
CVE-2022-41392 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Total Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-32593 MEDIUM This Month

In vowe, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-32592 MEDIUM This Month

In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-32590 MEDIUM This Month

In wlan, there is a possible use after free due to an incorrect status check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26475 MEDIUM This Month

In wlan, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Privilege Escalation Buffer Overflow Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26474 MEDIUM This Month

In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26473 MEDIUM This Month

In vdec fmt, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-26452 MEDIUM This Month

In isp, there is a possible use after free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-31681 MEDIUM PATCH This Month

VMware ESXi contains a null-pointer deference vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

VMware Null Pointer Dereference Denial Of Service Cloud Foundation ESXi
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-39287 MEDIUM PATCH This Month

tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Node.js Tiny Csrf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-37894 MEDIUM This Month

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Aruba Denial Of Service Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-21936 MEDIUM This Month

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Metasys Extended Application And Data Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41291 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-36772 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2929 MEDIUM This Month

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dhcp Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2928 MEDIUM This Month

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Dhcp Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-37896 MEDIUM This Month

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Aruba XSS Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34308 MEDIUM PATCH This Month

IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

IBM Denial Of Service Cics Tx
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-30613 MEDIUM PATCH This Month

IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39878 MEDIUM This Month

Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Checkout
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39874 MEDIUM This Month

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Account
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39857 MEDIUM This Month

Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Factorycamerafb
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-37892 MEDIUM This Month

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41414 MEDIUM PATCH This Month

An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Liferay Portal
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-39877 MEDIUM This Month

Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Group Sharing
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-39847 MEDIUM This Month

Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-37895 MEDIUM This Month

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Denial Of Service Arubaos Instant Scalance W1750D Firmware
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-39863 MEDIUM This Month

Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Account
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-39873 MEDIUM This Month

Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-39875 MEDIUM This Month

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Account
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-39855 MEDIUM This Month

Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy