Skip to main content
CVE-2022-4364 MEDIUM POC THREAT This Month

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

Command Injection PHP Flir Ax8 Firmware
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
13.4%
CVE-2022-4349 MEDIUM POC This Month

A vulnerability classified as problematic has been found in CTF-hacker pwn. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Authentication Bypass Pwn
NVD VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-38599 MEDIUM POC This Month

Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an information leak via the /user/get-role-list web interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Teleport
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-23469 MEDIUM POC PATCH This Month

Traefik is an open source HTTP reverse proxy and load balancer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Traefik
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-4261 MEDIUM POC This Month

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insightvm Nexpose
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-4350 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mcms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4348 MEDIUM POC This Month

A vulnerability was found in y_project RuoYi-Cloud. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruoyi Cloud
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4353 MEDIUM POC This Month

A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pb Cms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-4347 MEDIUM POC This Month

A vulnerability was found in xiandafu beetl-bbs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Beetl Bbs
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-40939 MEDIUM POC This Month

In certain Secustation products the administrator account password can be read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secustation Firmware
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-3260 MEDIUM POC This Month

The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openshift
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-39911 MEDIUM This Month

Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Pass
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-46153 MEDIUM PATCH This Month

Traefik is an open source HTTP reverse proxy and load balancer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Traefik
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-39901 MEDIUM This Month

Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Exynos Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-23494 MEDIUM PATCH This Month

tinymce is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-46827 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SSRF XXE Intellij Idea
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46826 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Intellij Idea
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-45118 MEDIUM This Month

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-39915 MEDIUM This Month

Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Calendar
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-39909 MEDIUM This Month

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Gear Iconx Pc Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-39905 MEDIUM This Month

Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-39897 MEDIUM This Month

Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-41947 MEDIUM This Month

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dhis 2
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38754 MEDIUM This Month

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Operations Bridge Operations Bridge Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-41717 MEDIUM PATCH This Month

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Go Http2 Fedora
NVD
CVSS 3.1
5.3
EPSS
5.6%
CVE-2022-46830 MEDIUM This Month

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-4122 MEDIUM PATCH This Month

A vulnerability was found in buildah. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Podman Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-45877 MEDIUM This Month

OpenHarmony-v3.1.4 and prior versions had an vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-46831 MEDIUM This Month

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-39900 MEDIUM This Month

Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2022-46158 MEDIUM PATCH This Month

PrestaShop is an open-source e-commerce solution. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Prestashop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-41949 MEDIUM PATCH This Month

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Dhis 2
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-39899 MEDIUM This Month

Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-39910 MEDIUM This Month

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Samsung Pass
NVD
CVSS 3.1
4.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy