Skip to main content
CVE-2022-43685 HIGH PATCH This Week

CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ckan
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-41937 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-2791 HIGH This Week

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Proficy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41942 HIGH PATCH This Week

Sourcegraph is a code intelligence platform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Command Injection Sourcegraph
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-3910 HIGH PATCH This Week

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Linux Use After Free Memory Corruption +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-41131 HIGH PATCH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Apache Hive
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2022-37931 HIGH This Week

A vulnerability in NetBatch-Plus software allows unauthorized access to the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Nonstop Netbatch Plus
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-35407 HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Memory Corruption RCE Buffer Overflow Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-0222 HIGH This Week

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp342010 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37301 HIGH This Week

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Modicon M340 Bmx P34 2010 Firmware Modicon M340 Bmx P34 2030 Firmware Modicon M580 Bmeh582040 Firmware +45
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41936 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41943 HIGH PATCH This Week

sourcegraph is a code intelligence platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Sourcegraph
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-41223 MEDIUM KEV THREAT This Month

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Mivoice Connect
NVD
CVSS 3.1
6.8
EPSS
10.6%
CVE-2022-40765 MEDIUM KEV THREAT This Month

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Mivoice Connect
NVD
CVSS 3.1
6.8
EPSS
10.5%
CVE-2022-44737 MEDIUM This Month

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) - Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF All In One Wp Security Firewall
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-39067 MEDIUM This Month

There is a buffer overflow vulnerability in ZTE MF286R. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Denial Of Service Buffer Overflow Mf286R Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-38462 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-43708 MEDIUM PATCH This Month

MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-43707 MEDIUM PATCH This Month

MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-39199 MEDIUM PATCH This Month

immudb is a database with built-in cryptographic proof and verification. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Immudb
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2022-2513 MEDIUM This Month

A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass 650Connectivitypackage 670Connectivitypackage Gms600Connectivitypackage Pcm600 +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-40954 MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Apache Spark
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2022-40228 MEDIUM This Month

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Datapower Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-45363 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Betheme
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41952 MEDIUM PATCH This Month

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Synapse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-3500 MEDIUM PATCH This Month

A vulnerability was found in keylime. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Information Disclosure Keylime Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.1
EPSS
0.2%
CVE-2022-43709 MEDIUM PATCH This Month

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi Mybb
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-39397 MEDIUM PATCH This Month

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Aliyun Oss Client
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy