Skip to main content
CVE-2022-42893 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-42891 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-42734 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-42733 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-42732 HIGH This Week

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-42982 HIGH This Week

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bkg Professional Ntripcaster
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-28766 HIGH This Week

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Code Injection Meetings Rooms
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2022-39179 HIGH This Week

College Management System v1.0 - Authenticated remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE SQLi College Management System
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-41791 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress Profilegrid
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-20460 MEDIUM This Month

In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20459 MEDIUM This Month

In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20428 MEDIUM This Month

In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20427 MEDIUM This Month

In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-43332 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-41132 MEDIUM This Month

Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ezoic
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-39181 MEDIUM This Month

GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Reports
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-36357 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ultimate Tables
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45375 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ifeature Slider
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38390 MEDIUM PATCH This Month

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-42954 MEDIUM This Month

Keyfactor EJBCA before 7.10.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kefactor Ejbca
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-39834 MEDIUM This Month

A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Primekey Ejbca
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-42960 MEDIUM This Month

EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Equalweb Accessibility Widget
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39178 MEDIUM This Month

Webvendome - webvendome Internal Server IP Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webvendome
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-3090 MEDIUM This Month

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Crimson
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-42892 MEDIUM This Month

A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Dynamics Cardiovascular Imaging And Information System
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-40751 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Urbancode Deploy
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-44736 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Chameleon
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-44591 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Anthologize
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41315 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ezoic
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-40694 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS News Announcement Scroll
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-42985 MEDIUM PATCH This Month

The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Scratch Login
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-45072 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Wpml
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-38461 MEDIUM This Month

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wpml
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-42903 LOW Monitor

Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Supportcenter Plus
NVD
CVSS 3.1
3.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy