Skip to main content
CVE-2022-41115 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Information Disclosure Microsoft Google Edge Chromium
NVD
CVSS 3.1
6.6
EPSS
1.9%
CVE-2022-4171 MEDIUM PATCH This Month

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Demon Image Annotation
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-44707 MEDIUM This Month

Windows Kernel Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-44679 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-46834 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rfu650 10100 Firmware Rfu650 10101 Firmware Rfu650 10102 Firmware Rfu650 10103 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-46833 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rfu630 04100 Firmware Rfu630 04100S01 Firmware Rfu630 04101 Firmware Rfu630 04102 Firmware +20
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-46832 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rfu620 10100 Firmware Rfu620 10101 Firmware Rfu620 10102 Firmware Rfu620 10103 Firmware +17
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-45937 MEDIUM PATCH This Month

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions <. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Pxc00 E96 A Firmware Pxc100 E96 A Firmware Pxx 485 3 Firmware Pxc16 2 Pe A Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-27581 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rfu610 10600 Firmware Rfu610 10601 Firmware Rfu610 10603 Firmware Rfu610 10604 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-20468 MEDIUM This Month

In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-38124 MEDIUM This Month

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sitemanager 1129 Firmware Sitemanager 3329 Firmware Sitemanager 1529 Firmware Sitemanager 3529 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41274 MEDIUM This Month

SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass Disclosure Management
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-24480 MEDIUM PATCH This Month

Outlook for Android Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.3).

Information Disclosure Microsoft Google Outlook
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2022-23499 MEDIUM PATCH This Month

HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Html Sanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4456 MEDIUM PATCH This Month

A vulnerability has been found in falling-fruit and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Falling Fruit
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46350 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens XSS 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-44575 MEDIUM This Month

A vulnerability has been identified in PLM Help Server V4.2 (All versions). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plm Help Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4444 MEDIUM PATCH This Month

A vulnerability was found in ipti br.tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Tag
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41275 MEDIUM This Month

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Solution Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41273 MEDIUM This Month

Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Contract Lifecycle Manager Sourcing
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41266 MEDIUM This Month

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Commerce Webservices 2 0
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38355 MEDIUM This Month

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Svmpc1 Svmpc2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-44699 MEDIUM This Month

Azure Network Watcher Agent Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Network Watcher Agent
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-44674 MEDIUM This Month

Windows Bluetooth Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-41074 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-46351 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Siemens Denial Of Service 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31697 MEDIUM This Month

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-25675 MEDIUM This Month

Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Aqt1000 Firmware Qca6310 Firmware Qca6320 Firmware +46
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20502 MEDIUM PATCH This Month

In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Information Disclosure Use After Free Memory Corruption +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20500 MEDIUM PATCH This Month

In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20496 MEDIUM PATCH This Month

In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Google RCE Use After Free +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20482 MEDIUM This Month

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20476 MEDIUM PATCH This Month

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20471 MEDIUM This Month

In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20466 MEDIUM This Month

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-23523 MEDIUM PATCH This Month

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Loader
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-43996 MEDIUM PATCH This Month

The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Csaf Provider
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4207 MEDIUM PATCH This Month

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Image Hover Effects Ultimate
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-44698 MEDIUM KEV PATCH THREAT This Month

Windows SmartScreen Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 20H2 +7
NVD
CVSS 3.1
5.4
EPSS
76.1%
CVE-2022-41563 MEDIUM This Month

The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Jasperreports Server
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-46265 MEDIUM This Month

A vulnerability has been identified in Polarion ALM (All versions < V2304.0). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Polarion Alm
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-44731 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024),. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Simatic Wincc Oa
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-46354 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens Authentication Bypass 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-45044 MEDIUM This Month

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siprotec 5 6Md85 Firmware Siprotec 5 6Md86 Firmware Siprotec 5 6Md89 Firmware Siprotec 5 6Mu85 Firmware +30
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-31698 MEDIUM This Month

The vCenter Server contains a denial-of-service vulnerability in the content library service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Denial Of Service Cloud Foundation Vcenter Server
NVD
CVSS 3.1
5.3
EPSS
47.8%
CVE-2022-46142 MEDIUM This Month

Affected devices store the CLI user passwords encrypted in flash memory. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware Scalance M812 1 Adsl Router Firmware +97
NVD
CVSS 4.0
5.2
EPSS
0.3%
CVE-2022-4455 MEDIUM PATCH This Month

A vulnerability was identified in sproctor php-calendar up to 2.0.13. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Php Calendar
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2022-46143 MEDIUM This Month

Affected devices do not check the TFTP blocksize correctly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware Scalance M812 1 Adsl Router Firmware +97
NVD
CVSS 4.0
5.1
EPSS
0.7%
CVE-2022-20497 MEDIUM PATCH This Month

In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-44636 MEDIUM This Month

The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung T Oscpakuc Firmware T Oscpdeuc Firmware T Oscpuabc Firmware +12
NVD
CVSS 3.1
4.6
EPSS
0.2%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy