Latest CVE Feed
-
9.8
CRITICALCVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipu... Read more
Affected Products : business_intelligence weblogic_server identity_manager_connector snapmanager mysql_enterprise_monitor hyperion_data_relationship_management tuxedo business_process_management_suite communications_instant_messaging_server communications_offline_mediation_controller +18 more products- EPSS Score: %14.14
- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23399
A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packe... Read more
- EPSS Score: %0.44
- Published: Aug. 05, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23167
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.... Read more
- EPSS Score: %0.14
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23477
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users... Read more
- EPSS Score: %0.15
- Published: Dec. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23125
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len eleme... Read more
- EPSS Score: %19.28
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23219
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a... Read more
Affected Products : debian_linux communications_cloud_native_core_network_repository_function communications_cloud_native_core_unified_data_repository glibc communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function communications_cloud_native_core_security_edge_protection_proxy enterprise_operations_monitor- EPSS Score: %0.40
- Published: Jan. 14, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-23124
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results ... Read more
- EPSS Score: %0.61
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23402
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00... Read more
- EPSS Score: %0.41
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23364
HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.... Read more
Affected Products : hms- EPSS Score: %0.26
- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23170
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending ... Read more
Affected Products : okta_sso- EPSS Score: %0.36
- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23088
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may ove... Read more
Affected Products : freebsd- EPSS Score: %8.55
- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
9.8
CRITICALCVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).... Read more
Affected Products : ox_app_suite- EPSS Score: %2.53
- Published: Jul. 27, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23168
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--... Read more
Affected Products : mobile_application_gateway- EPSS Score: %0.12
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23121
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from th... Read more
- EPSS Score: %15.39
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need... Read more
- EPSS Score: %93.74
- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring ... Read more
Affected Products : weblogic_server communications_policy_management jdk communications_cloud_native_core_network_slice_selection_function retail_customer_management_and_segmentation_foundation communications_cloud_native_core_network_repository_function mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository retail_bulk_data_integration retail_xstore_point_of_service +29 more products- Actively Exploited
- EPSS Score: %94.46
- Published: Apr. 01, 2022
- Modified: Apr. 10, 2025
-
9.8
CRITICALCVE-2022-22978
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular express... Read more
- EPSS Score: %90.79
- Published: May. 19, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to lo... Read more
Affected Products : communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository retail_xstore_point_of_service communications_cloud_native_core_policy banking_virtual_account_management sd-wan_edge banking_corporate_lending_process_management banking_credit_facilities_process_management +18 more products- Actively Exploited
- EPSS Score: %94.47
- Published: Apr. 01, 2022
- Modified: Mar. 13, 2025
-
9.8
CRITICALCVE-2022-22929
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.... Read more
Affected Products : mcms- EPSS Score: %2.65
- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22806
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prio... Read more
Affected Products : smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_1015_ups smc_series_1018_ups +6 more products- EPSS Score: %0.23
- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024