Skip to main content
CVE-2022-41376 MEDIUM POC This Month

Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metro Ui
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-40047 MEDIUM POC This Month

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Flatpress
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.4%
CVE-2022-42236 MEDIUM POC This Month

A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Merchandise Online Store
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-42235 MEDIUM POC This Month

A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Student Clearance System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-32175 MEDIUM POC PATCH This Month

In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Adguardhome
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-38017 MEDIUM PATCH This Month

StorSimple 8000 Series Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Storsimple 8010 Firmware Storsimple 8020 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-20412 MEDIUM PATCH This Month

In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20409 MEDIUM PATCH This Month

In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation Memory Corruption Use After Free +1
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2022-34434 MEDIUM PATCH This Month

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Authentication Bypass Dell PostgreSQL Cloud Mobility For Dell Emc Storage
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-38032 MEDIUM PATCH This Month

Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2022-41550 MEDIUM This Month

GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Osip
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39015 MEDIUM This Month

Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-38033 MEDIUM PATCH This Month

Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-38001 MEDIUM PATCH This Month

Microsoft Office Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-37977 MEDIUM PATCH This Month

Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Windows 10 Windows 11 Windows 7 Windows 8 1 +6
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-37974 MEDIUM PATCH This Month

Windows Mixed Reality Developer Tools Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11
NVD
CVSS 3.1
6.5
EPSS
36.3%
CVE-2022-35770 MEDIUM PATCH This Month

Windows NTLM Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-34431 MEDIUM PATCH This Month

Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Hybrid Client
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-33746 MEDIUM PATCH This Month

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3140 MEDIUM This Month

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Libreoffice Debian Linux Fedora
NVD
CVSS 3.1
6.3
EPSS
4.4%
CVE-2022-39800 MEDIUM This Month

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-35226 MEDIUM This Month

SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Data Services
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-33978 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Fontmeister
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-40631 MEDIUM This Month

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware Scalance X201 3P Irt Pro Firmware +27
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37965 MEDIUM PATCH This Month

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2022-40177 MEDIUM PATCH This Month

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Desigo Pxm30 1 Firmware Desigo Pxm30 E Firmware Desigo Pxm40 1 Firmware Desigo Pxm40 E Firmware +6
NVD
CVSS 3.1
5.7
EPSS
0.8%
CVE-2022-33748 MEDIUM PATCH This Month

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. Rated medium severity (CVSS 5.6).

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2022-41183 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41182 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41181 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41178 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41176 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41174 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41173 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41171 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41169 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41166 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39807 MEDIUM This Month

Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author -. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SAP Buffer Overflow 3D Visual Enterprise Author
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20440 MEDIUM This Month

In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259918. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20439 MEDIUM This Month

In Messaging, There has unauthorized provider, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242266172. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20438 MEDIUM This Month

In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259920. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20437 MEDIUM This Month

In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242258929. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20425 MEDIUM PATCH This Month

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20413 MEDIUM PATCH This Month

In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-20351 MEDIUM PATCH This Month

In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure SQLi Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-38043 MEDIUM PATCH This Month

Windows Security Support Provider Interface Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-38026 MEDIUM PATCH This Month

Windows DHCP Client Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-38025 MEDIUM PATCH This Month

Windows Distributed File System (DFS) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 11 Windows Server 2022
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-37996 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-37985 MEDIUM PATCH This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 11 Windows 7 +7
NVD
CVSS 3.1
5.5
EPSS
38.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy