Skip to main content
CVE-2022-46059 MEDIUM POC This Month

AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Aerocms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-41915 MEDIUM POC PATCH This Month

Netty project is an event-driven asynchronous network application framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Netty Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-44303 MEDIUM POC PATCH This Month

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Resque Scheduler
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-46381 MEDIUM POC This Month

Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Linear Emerge E3 Access Control Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2022-38628 MEDIUM POC This Month

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Session Fixation Linear Emerge E3 Access Control Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-45028 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nvg443B Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-46061 MEDIUM POC This Month

AeroCMS v0.0.1 is vulnerable to ClickJacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aerocms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-44874 MEDIUM POC This Month

wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Wasm3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-46047 MEDIUM POC This Month

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Aerocms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-46058 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aerocms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-46062 MEDIUM POC This Month

Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Gym Management System
NVD GitHub
CVSS 3.1
4.5
EPSS
0.3%
CVE-2022-44682 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 11 22h2 +5
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2022-41115 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Information Disclosure Microsoft Google Edge Chromium
NVD
CVSS 3.1
6.6
EPSS
1.9%
CVE-2022-4171 MEDIUM PATCH This Month

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Demon Image Annotation
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-44707 MEDIUM This Month

Windows Kernel Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-44679 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-46834 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rfu650 10100 Firmware Rfu650 10101 Firmware Rfu650 10102 Firmware Rfu650 10103 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-46833 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rfu630 04100 Firmware Rfu630 04100S01 Firmware Rfu630 04101 Firmware Rfu630 04102 Firmware +20
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-46832 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmware version < 2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rfu620 10100 Firmware Rfu620 10101 Firmware Rfu620 10102 Firmware Rfu620 10103 Firmware +17
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-45937 MEDIUM PATCH This Month

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions <. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Pxc00 E96 A Firmware Pxc100 E96 A Firmware Pxx 485 3 Firmware Pxc16 2 Pe A Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-27581 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version <v2.25 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rfu610 10600 Firmware Rfu610 10601 Firmware Rfu610 10603 Firmware Rfu610 10604 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-20468 MEDIUM This Month

In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-38124 MEDIUM This Month

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sitemanager 1129 Firmware Sitemanager 3329 Firmware Sitemanager 1529 Firmware Sitemanager 3529 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41274 MEDIUM This Month

SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass Disclosure Management
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-24480 MEDIUM PATCH This Month

Outlook for Android Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.3).

Information Disclosure Microsoft Google Outlook
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2022-23499 MEDIUM PATCH This Month

HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Html Sanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4456 MEDIUM PATCH This Month

A vulnerability has been found in falling-fruit and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Falling Fruit
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46350 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Siemens XSS 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-44575 MEDIUM This Month

A vulnerability has been identified in PLM Help Server V4.2 (All versions). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plm Help Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-4444 MEDIUM PATCH This Month

A vulnerability was found in ipti br.tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Tag
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41275 MEDIUM This Month

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Solution Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41273 MEDIUM This Month

Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Contract Lifecycle Manager Sourcing
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-41266 MEDIUM This Month

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Commerce Webservices 2 0
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-38355 MEDIUM This Month

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Svmpc1 Svmpc2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-44699 MEDIUM This Month

Azure Network Watcher Agent Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Azure Network Watcher Agent
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-44674 MEDIUM This Month

Windows Bluetooth Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-41074 MEDIUM This Month

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows 7 +6
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-46351 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Siemens Denial Of Service 6Gk5204 0Ba00 2Mb2 Firmware 6Gk5204 0Ba00 2Kb2 Firmware 6Gk5204 0Bs00 2Na3 Firmware +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-31697 MEDIUM This Month

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-25675 MEDIUM This Month

Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Aqt1000 Firmware Qca6310 Firmware Qca6320 Firmware +46
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20502 MEDIUM PATCH This Month

In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Information Disclosure Use After Free Memory Corruption +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20500 MEDIUM PATCH This Month

In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20496 MEDIUM PATCH This Month

In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Google RCE Use After Free +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20482 MEDIUM This Month

In createNotificationChannel of NotificationManager.java, there is a possible way to make the device unusable and require factory reset due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20476 MEDIUM PATCH This Month

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20471 MEDIUM This Month

In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20466 MEDIUM This Month

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-23523 MEDIUM PATCH This Month

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Loader
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-43996 MEDIUM PATCH This Month

The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Csaf Provider
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4207 MEDIUM PATCH This Month

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several values that can be added to an Image Hover in versions 9.8.1 to 9.8.4 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Image Hover Effects Ultimate
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy