Skip to main content
CVE-2022-39304 MEDIUM POC PATCH This Month

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Ghinstallation
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-46139 MEDIUM This Month

TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Denial Of Service Tl Wr940N V4 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-47551 MEDIUM PATCH This Month

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apiman
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-4619 MEDIUM This Month

The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Extra CSS class’ parameter in versions up to, and including, 1.4 due to insufficient input. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Codelights Shortcodes And Widgets
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-41590 MEDIUM This Month

Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-43875 MEDIUM PATCH This Month

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Denial Of Service Financial Transaction Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-46318 MEDIUM PATCH This Month

The HAware module has a function logic error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-46313 MEDIUM PATCH This Month

The sensor privacy module has an authentication vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-43872 MEDIUM PATCH This Month

IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Financial Transaction Manager
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-39166 MEDIUM PATCH This Month

IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Security Guardium
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-46430 MEDIUM This Month

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr740N V1 Firmware Tl Wr740N V2 Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-46428 MEDIUM This Month

TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr1043Nd V1 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-46422 MEDIUM This Month

An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Netgear Wnr2000 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-46771 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Urbancode Deploy
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-43382 MEDIUM PATCH This Month

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Denial Of Service Vios Aix
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy