Skip to main content
CVE-2022-38388 MEDIUM PATCH This Month

IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Authentication Bypass IBM Navigator Mobile
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41206 MEDIUM This Month

SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35297 MEDIUM This Month

The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Enable Now
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-3453 MEDIUM This Month

A vulnerability was found in SourceCodester Book Store Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Book Store Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-3452 MEDIUM This Month

A vulnerability was found in SourceCodester Book Store Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Book Store Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40178 MEDIUM PATCH This Month

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Desigo Pxm30 1 Firmware Desigo Pxm30 E Firmware Desigo Pxm40 1 Firmware Desigo Pxm40 E Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41035 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition Google Information Disclosure Edge Chromium
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-33749 MEDIUM PATCH This Month

XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xapi
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-40180 MEDIUM PATCH This Month

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Desigo Pxm30 1 Firmware Desigo Pxm30 E Firmware Desigo Pxm40 1 Firmware Desigo Pxm40 E Firmware +6
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-36363 MEDIUM PATCH This Month

A vulnerability has been identified in LOGO!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Logo 8 Bm Firmware Logo 8 Bm Fs 05 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-41210 MEDIUM This Month

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Customer Data Cloud
NVD
CVSS 3.1
5.2
EPSS
0.4%
CVE-2022-41209 MEDIUM This Month

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Customer Data Cloud
NVD
CVSS 3.1
5.2
EPSS
0.2%
CVE-2022-20394 MEDIUM PATCH This Month

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2022-35296 MEDIUM This Month

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-31682 MEDIUM This Month

VMware Aria Operations contains an arbitrary file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Vrealize Operations
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-35829 MEDIUM PATCH This Month

Service Fabric Explorer Spoofing Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Azure Service Fabric
NVD
CVSS 3.1
4.8
EPSS
19.8%
CVE-2022-20423 MEDIUM PATCH This Month

In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-38086 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Shortcodes Ultimate
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-38030 MEDIUM PATCH This Month

Windows USB Serial Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows Server 2019 +1
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-37981 MEDIUM PATCH This Month

Windows Event Logging Service Denial of Service Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
4.3
EPSS
2.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy