Skip to main content
CVE-2022-38121 MEDIUM POC This Month

UPSMON PRO configuration file stores user password in plaintext under public user directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Upsmon Pro
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-38120 MEDIUM POC This Month

UPSMON PRO’s has a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Upsmon Pro
NVD
CVSS 3.1
6.5
EPSS
5.6%
CVE-2022-45130 MEDIUM POC This Month

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Obsidian
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-35740 MEDIUM POC This Month

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Tomcat XSS Dotcms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-26088 MEDIUM POC This Month

An issue was discovered in BMC Remedy before 22.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Remedy It Service Management Suite
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2022-43753 MEDIUM POC This Month

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Python Tomcat Manager Server +1
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-40225 MEDIUM PATCH This Month

A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Siplus Tim 1531 Irc Firmware
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2022-39398 MEDIUM PATCH This Month

tasklists is a tasklists plugin for GLPI (Kanban). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tasklists
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-34666 MEDIUM This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Microsoft Nvidia +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42460 MEDIUM This Month

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Traffic Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-43754 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Java XSS Manager Server Uyuni
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-42786 MEDIUM This Month

Multiple W&T Products of the ComServer Series are prone to an XSS attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS At Modem Emulator Firmware Com Server Firmware Com Server 20Ma Firmware Com Server Highspeed 100Basefx Firmware +13
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-43679 MEDIUM This Month

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Owncloud
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-41876 MEDIUM PATCH This Month

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ezplatform Graphql
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-36022 MEDIUM This Month

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Deeplearning4J
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-3818 MEDIUM This Month

An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-3793 MEDIUM This Month

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-41874 MEDIUM PATCH This Month

Tauri is a framework for building binaries for all major desktop platforms. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Apple Microsoft Tauri
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-31255 MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Java Python Tomcat Manager Server +1
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-3867 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Nomad
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3866 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Nomad
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3819 MEDIUM This Month

An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-3706 MEDIUM This Month

Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-3413 MEDIUM This Month

Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy