Skip to main content
CVE-2022-32287 HIGH PATCH This Week

A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Java Uimaj
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-43451 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Openharmony
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-40235 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40230 MEDIUM PATCH This Month

"IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Mq Appliance
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-34339 MEDIUM PATCH This Month

"IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cognos Analytics
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-22442 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39376 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-2696 MEDIUM PATCH This Month

The Restaurant Menu - Food Ordering System - Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Restaurant Menu Food Ordering System Table Reservation
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-44628 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress 4Ecps Web Forms
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2022-38712 MEDIUM PATCH This Month

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass IBM Websphere Application Server
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-43449 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3675 MEDIUM This Month

Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fedora Coreos
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36404 MEDIUM This Month

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Simple Seo
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-44627 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Simple Seo
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-35642 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-30615 MEDIUM PATCH This Month

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39375 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-39372 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39371 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38710 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-44646 MEDIUM This Month

In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-44622 MEDIUM This Month

In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-36428 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Rock Convert
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39373 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-40131 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Page View Count
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-35279 MEDIUM PATCH This Month

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Business Automation Workflow
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-39370 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Glpi
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-42442 LOW Monitor

IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy