Skip to main content
CVE-2022-42095 MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.9%
CVE-2022-41935 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-36337 HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-40304 HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libxml2 Active Iq Unified Manager Clustered Data Ontap Clustered Data Ontap Antivirus Connector +13
NVD
CVSS 3.1
7.8
EPSS
6.8%
CVE-2022-43751 HIGH This Week

McAfee Total Protection prior to version 16.0.49 contains an uncontrolled search path element vulnerability due to the use of a variable pointing to a subdirectory that may be controllable by an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Total Protection
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-34830 HIGH This Week

An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Utgard Gpu Kernel Driver
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-40303 HIGH PATCH This Week

An issue was discovered in libxml2 before 2.10.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Libxml2 Active Iq Unified Manager Clustered Data Ontap +14
NVD
CVSS 3.1
7.5
EPSS
22.8%
CVE-2022-41927 HIGH PATCH This Week

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Xwiki
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2022-40770 HIGH This Week

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Command Injection Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus
NVD
CVSS 3.1
7.2
EPSS
82.5%
CVE-2022-41933 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-40772 MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zoho Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus +1
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2022-42895 MEDIUM PATCH This Month

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Linux Google Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-4045 MEDIUM PATCH This Month

A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4019 MEDIUM This Month

A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-38114 MEDIUM This Month

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Security Event Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45150 MEDIUM PATCH This Month

A reflected cross-site scripting vulnerability was discovered in Moodle. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moodle Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-45873 MEDIUM PATCH This Month

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Systemd Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35501 MEDIUM This Month

Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Adobe Blog Pro
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-35500 MEDIUM This Month

Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Blog Pro
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37774 MEDIUM This Month

There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maarch Rm
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-45151 MEDIUM PATCH This Month

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Moodle Fedora
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-45149 MEDIUM PATCH This Month

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Moodle Fedora
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-45472 MEDIUM This Month

CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Learningspace Enterprise
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38147 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37421 MEDIUM PATCH This Month

Silverstripe silverstripe/cms through 4.11.0 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Silverstripe
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-38145 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-37430 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37429 MEDIUM PATCH This Month

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Framework
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-41932 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-38115 MEDIUM This Month

Insecure method vulnerability in which allowed HTTP methods are disclosed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Event Manager
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-38113 MEDIUM This Month

This vulnerability discloses build and services versions in the server response header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Security Event Manager
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-40771 MEDIUM PATCH This Month

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Information Disclosure Zoho XXE Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +2
NVD
CVSS 3.1
4.9
EPSS
3.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy