Skip to main content
CVE-2021-36898 HIGH This Week

Auth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Quiz And Survey Master
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41636 HIGH This Week

Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haas Controller
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-3697 HIGH PATCH This Week

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Collection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-37426 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Opennebula
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-3322 HIGH This Week

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Warp Mobile Client
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-3616 HIGH PATCH This Week

Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Octorpki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-3402 MEDIUM PATCH This Month

The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Log Http Requests
NVD VulDB
CVSS 3.1
6.1
EPSS
3.5%
CVE-2022-3228 MEDIUM This Month

Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow H0 Ecom100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3400 MEDIUM This Month

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Bricks
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-37424 MEDIUM This Month

Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Opennebula
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-26884 MEDIUM PATCH This Month

Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Dolphinscheduler
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-3018 MEDIUM This Month

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2022-2882 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy