Total: 2183 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-27815 | 1 Swhkd Project | 1 Swhkd | 2024-11-21 | 6.2 MEDIUM | 7.8 HIGH | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. |
CVE-2022-27534 | 1 Kaspersky | 6 Anti-virus, Endpoint Security, Internet Security and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). |
CVE-2022-27336 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. |
CVE-2022-27250 | 1 Unisoc | 1 Unisoc Chipset | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data. |
CVE-2022-27178 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 9.8 CRITICAL | A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. |
CVE-2022-27133 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. |
CVE-2022-26945 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0. |
CVE-2022-26809 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2022-26708 | 1 Apple | 1 Macos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. |
CVE-2022-26694 | 1 Apple | 1 Macos | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data. |
CVE-2022-26693 | 1 Apple | 1 Macos | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data. |
CVE-2022-26646 | 1 Banking System Project | 1 Banking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. |
CVE-2022-26530 | 1 Swaywm | 1 Swaylock | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor. |
CVE-2022-26520 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql Jdbc Driver | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | ** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. |
CVE-2022-26346 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 9.8 CRITICAL | A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. |
CVE-2022-26313 | 1 Mendix | 1 Forgot Password | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL | A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts. |
CVE-2022-26273 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. |
CVE-2022-26131 | 1 Hegemonelectronics | 2 Plc4trucks, Plc4trucks Firmware | 2024-11-21 | 7.5 HIGH | 9.3 CRITICAL | Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals. |
CVE-2022-25390 | 1 Dcnglobal | 2 Dcme-520, Dcme-520 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. |
CVE-2022-25361 | 1 Watchguard | 47 Firebox M200, Firebox M270, Firebox M290 and 44 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. |