Skip to main content
CVE-2022-37929 MEDIUM This Month

Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Sf100 Firmware Sf300 Firmware Hf60C Firmware +6
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-37911 MEDIUM This Month

Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE Sd Wan Arubaos
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-46906 MEDIUM This Month

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Websoft Hcm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-46904 MEDIUM This Month

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Websoft Hcm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-46903 MEDIUM This Month

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Websoft Hcm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-3853 MEDIUM This Month

Cross-site Scripting (XSS) is a client-side code injection attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS Supra Csv Parser
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-37926 MEDIUM This Month

A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba XSS Edgeconnect Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-46687 MEDIUM PATCH This Month

Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XSS Spring Config
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-46686 MEDIUM PATCH This Month

Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Custom Build Properties
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-46684 MEDIUM PATCH This Month

Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Checkmarx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37909 MEDIUM This Month

Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Aruba Sd Wan Arubaos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-20688 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Cisco Buffer Overflow Ata 190 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-20687 MEDIUM This Month

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Buffer Overflow Ata 190 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-20686 MEDIUM This Month

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Ata 190 Firmware Ata 191 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-42445 MEDIUM This Month

HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hcl Launch
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-22488 MEDIUM This Month

IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Power System Ac922 8335 Gtg Firmware Power System Ac922 8335 Gth Firmware Power System Ac922 8335 Gtx Firmware
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-32537 MEDIUM This Month

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system. Rated medium severity (CVSS 4.8). No vendor patch available.

Authentication Bypass Guardian Link 2 Transmitter Mmt 7730 Firmware Guardian Link 2 Transmitter Mmt 7731 Firmware Guardian Link 2 Transmitter Mmt 7738 Firmware Guardian Link 2 Transmitter Mmt 7775 Firmware +24
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2022-3906 MEDIUM This Month

The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Easy Form Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-3609 MEDIUM This Month

The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Getyourguide Ticketing
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-41263 MEDIUM This Month

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP CSRF Authentication Bypass Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-46685 MEDIUM PATCH This Month

In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitea Jenkins
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy