Skip to main content
CVE-2022-35860 MEDIUM POC This Month

Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Code Injection K63 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-43023 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opencats
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43022 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opencats
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43021 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opencats
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43020 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opencats
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-41707 MEDIUM POC This Month

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Messenger
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43038 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43037 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43035 MEDIUM POC This Month

An issue was discovered in Bento4 v1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43034 MEDIUM POC This Month

An issue was discovered in Bento4 v1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43033 MEDIUM POC This Month

An issue was discovered in Bento4 1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43032 MEDIUM POC This Month

An issue was discovered in Bento4 v1.6.0-639. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-43018 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-43017 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the indexFile component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-43016 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-43015 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the entriesPerPage parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-43014 MEDIUM POC This Month

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-3607 MEDIUM POC PATCH This Month

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Code Injection Octoprint
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2022-38901 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dxp Liferay Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-43045 MEDIUM POC This Month

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43044 MEDIUM POC This Month

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43043 MEDIUM POC This Month

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43039 MEDIUM POC This Month

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43185 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rukovoditel
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-39301 MEDIUM POC This Month

sra-admin is a background rights management system that separates the front and back end. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sra Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39233 MEDIUM POC PATCH This Month

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Gitlab Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41708 MEDIUM POC This Month

Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Messenger
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-25666 MEDIUM PATCH This Month

Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Memory Corruption Qualcomm Use After Free +148
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-41813 MEDIUM This Month

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager Big Ip Policy Enforcement Manager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-41770 MEDIUM This Month

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ all versions of 8.x and 7.x, an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2805 MEDIUM This Month

A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-43419 MEDIUM PATCH This Month

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Katalon
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-43408 MEDIUM PATCH This Month

Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Pipeline
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-42466 MEDIUM PATCH This Month

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Isis
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-41780 MEDIUM This Month

In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal F5Os A F5Os C
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-40885 MEDIUM This Month

Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-40884 MEDIUM This Month

Bento4 1.6.0 has memory leaks via the mp4fragment. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3586 MEDIUM PATCH This Month

A flaw was found in the Linux kernel’s networking code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-39253 MEDIUM This Month

Git is an open source, scalable, distributed revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Fedora Xcode Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-25664 MEDIUM This Month

Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Apq8009 Firmware Apq8052 Firmware Apq8053 Firmware +107
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-25663 MEDIUM This Month

Possible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Denial Of Service Buffer Overflow Aqt1000 Firmware +30
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-3606 MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-43425 MEDIUM This Month

Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Custom Checkbox Parameter
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-43420 MEDIUM PATCH This Month

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Contrast Continuous Application Security
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-43409 MEDIUM PATCH This Month

Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Pipeline
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-38107 MEDIUM PATCH This Month

Sensitive information could be displayed when a detailed technical error message is posted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sql Sentry
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43435 MEDIUM This Month

Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins 360 Fireline
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43434 MEDIUM PATCH This Month

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Neuvector Vulnerability Scanner
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43428 MEDIUM PATCH This Month

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jenkins Compuware Topaz For Total Test
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-43426 MEDIUM This Month

Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins S3 Explorer
NVD
CVSS 3.1
5.3
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy