CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

2022-09-13
High

CVE-2022-34729

Windows GDI Elevation of Privilege Vulnerability

Medium

CVE-2022-34728

Windows Graphics Component Information Disclosure Vulnerability

High

CVE-2022-34727

Microsoft ODBC Driver Remote Code Execution Vulnerability

High

CVE-2022-34726

Microsoft ODBC Driver Remote Code Execution Vulnerability

High

CVE-2022-34724

Windows DNS Server Denial of Service Vulnerability

Medium

CVE-2022-34723

Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability

Critical

CVE-2022-34722

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

Critical

CVE-2022-34721

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

High

CVE-2022-34720

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

High

CVE-2022-34719

Windows Distributed File System (DFS) Elevation of Privilege Vulnerability

Critical

CVE-2022-34718

Windows TCP/IP Remote Code Execution Vulnerability

High

CVE-2022-34100

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure pr…

High

CVE-2022-33679

Windows Kerberos Elevation of Privilege Vulnerability

High

CVE-2022-33647

Windows Kerberos Elevation of Privilege Vulnerability

High

CVE-2022-30200

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

High

CVE-2022-30196

Windows Secure Channel Denial of Service Vulnerability

High

CVE-2022-30170

Windows Credential Roaming Service Elevation of Privilege Vulnerability

High

CVE-2022-26929

.NET Framework Remote Code Execution Vulnerability

Medium

CVE-2022-36782

Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in PalGate device management Android client app. Gates of buildings and parking lots with a simp…

Medium

CVE-2022-1602

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP h…

2022-09-12
Medium

CVE-2022-38299

An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint.

Medium

CVE-2022-38135

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

Medium

CVE-2021-44425

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using th…

High

CVE-2022-37734

graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.…

Medium

CVE-2022-34110

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size.

High

CVE-2022-34109

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size.

High

CVE-2022-34108

An issue in the Feature Navigator of Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file.

2022-09-09
High

CVE-2022-28742

aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can al…

High

CVE-2022-28740

aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.

Medium

CVE-2022-38070

Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.

Medium

CVE-2022-38067

Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.

Medium

CVE-2022-38058

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.

Medium

CVE-2022-36793

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.

High

CVE-2022-36423

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads to a stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to…

High

CVE-2022-25765

The package pdfkit from 0.0.0 is vulnerable to Command Injection where the URL is not properly sanitized.

2022-09-08
Medium

CVE-2019-25076

The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that re…

Medium

CVE-2022-27969

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.

Medium

CVE-2022-27968

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfile…

Medium

CVE-2022-27967

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles.

Low

CVE-2022-22314

IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371.

High

CVE-2022-34869

Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS…

Medium

CVE-2022-25914

The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.

High

CVE-2022-37779

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function.

High

CVE-2022-37778

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function.

High

CVE-2022-37777

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert f…

2022-09-07
High

CVE-2022-37780

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function.

2022-09-06
High

CVE-2022-37344

Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress.

High

CVE-2022-36427

Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress.

High

CVE-2022-36387

Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress.

High

CVE-2022-38176

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation…

High

CVE-2022-31791

WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. This is fixed in Fireware OS…

Medium

CVE-2022-36425

Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress.

High

CVE-2022-31790

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints.…

Low

CVE-2022-29053

A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession…

Medium

CVE-2022-28885

A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request.

High

CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Medium

CVE-2022-27491

An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before…

Medium

CVE-2022-23691

A vulnerability exists in certain AOS-CX switch models which could allow an attacker with access to the recovery console to bypass normal authentication. A successful exploit allows an attacker to by…

Medium

CVE-2022-23690

A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version of AOS-CX running on the switch. This allows an attacker to…

Medium

CVE-2022-23689

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the…

Medium

CVE-2022-23688

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the…

Medium

CVE-2022-23687

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the…

Medium

CVE-2022-23686

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the…

High

CVE-2022-23684

A vulnerability in the web-based management interface of AOS-CX could allow a remote authenticated user with read-only privileges to escalate their permissions to those of an administrative user. Suc…

Medium

CVE-2022-23678

A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to int…

High

CVE-2021-43565

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

Critical

CVE-2022-37843

In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability.

2022-09-05
High

CVE-2022-39830

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.

High

CVE-2022-39828

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.

Medium

CVE-2022-39196

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor di…

2022-09-02
Medium

CVE-2022-36638

An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders.

High

CVE-2022-34382

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contain a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may poten…

High

CVE-2022-37458

Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.

High

CVE-2022-22106

Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto

High

CVE-2022-22061

Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Medium

CVE-2022-39190

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.

High

CVE-2022-39189

An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_V…

High

CVE-2022-39177

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

High

CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

2022-09-01
High

CVE-2022-36603

InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function.

High

CVE-2022-36602

InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function.

Critical

CVE-2022-36601

The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and ac…

High

CVE-2022-30614

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerabili…

2022-08-31
Medium

CVE-2022-26330

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS).…

Medium

CVE-2022-27911

An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.

2022-08-30
High

CVE-2022-37172

Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

High

CVE-2022-36565

Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

High

CVE-2022-36564

Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in th…

High

CVE-2022-36563

Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in t…

High

CVE-2022-36562

Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the d…

Medium

CVE-2022-36561

XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.

High

CVE-2022-37237

An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327.

Critical

CVE-2022-37176

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet…

2022-08-29
High

CVE-2022-38772

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make da…

Critical

CVE-2022-32993

TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh.

Medium

CVE-2022-21385

A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S…

Medium

CVE-2022-35019

Advancecomp v2.3 was discovered to contain a segmentation fault.

Medium

CVE-2022-35018

Advancecomp v2.3 was discovered to contain a segmentation fault.

Medium

CVE-2022-35014

Advancecomp v2.3 contains a segmentation fault.

High

CVE-2022-25921

All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.

Critical

CVE-2022-25644

All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function.

Medium

CVE-2022-25641

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads t…

Critical

CVE-2022-21165

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.

Critical

CVE-2022-36572

Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/.

2022-08-27
Critical

CVE-2022-38792

The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.

2022-08-26
Medium

CVE-2022-36542

An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data.

High

CVE-2022-36537

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.

Medium

CVE-2022-34303

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pr…

Medium

CVE-2022-34302

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary cod…

Medium

CVE-2022-34301

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary c…

High

CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values.

High

CVE-2021-3703

It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed w…

High

CVE-2022-37151

There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.

Medium

CVE-2022-36121

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse e…

High

CVE-2022-36120

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse e…

2022-08-25
Medium

CVE-2022-37316

Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated…

Medium

CVE-2022-36118

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse e…

Low

CVE-2022-36117

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse e…

Medium

CVE-2022-36116

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse e…

High

CVE-2022-36115

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse e…
