Latest CVE Feed
-
9.8
CRITICALCVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).... Read more
Affected Products : ox_app_suite- Published: Jul. 27, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23168
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--... Read more
Affected Products : mobile_application_gateway- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23121
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from th... Read more
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need... Read more
- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring ... Read more
Affected Products : weblogic_server communications_policy_management jdk communications_cloud_native_core_network_slice_selection_function retail_customer_management_and_segmentation_foundation communications_cloud_native_core_network_repository_function mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository retail_bulk_data_integration retail_xstore_point_of_service +29 more products- Actively Exploited
- Published: Apr. 01, 2022
- Modified: Apr. 10, 2025
-
9.8
CRITICALCVE-2022-22978
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular express... Read more
- Published: May. 19, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to lo... Read more
Affected Products : communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository retail_xstore_point_of_service communications_cloud_native_core_policy banking_virtual_account_management sd-wan_edge banking_corporate_lending_process_management banking_credit_facilities_process_management +18 more products- Actively Exploited
- Published: Apr. 01, 2022
- Modified: Mar. 13, 2025
-
9.8
CRITICALCVE-2022-22929
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.... Read more
Affected Products : mcms- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22806
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prio... Read more
Affected Products : smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_1015_ups smc_series_1018_ups +6 more products- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22912
Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution.... Read more
Affected Products : plist- Published: Feb. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22955
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the au... Read more
- Published: Apr. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22805
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Seri... Read more
Affected Products : smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_1015_ups smc_series_1018_ups +6 more products- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22730
Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more
Affected Products : edge_insights_for_industrial- Published: Aug. 18, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22922
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.... Read more
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22813
A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated... Read more
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22731
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and... Read more
Affected Products : ecostruxure_power_commission- Published: Jan. 30, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22720
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling... Read more
Affected Products : fedora zfs_storage_appliance_kit debian_linux macos http_server enterprise_manager_ops_center mac_os_x http_server- Published: Mar. 14, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22642
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.... Read more
- Published: Mar. 18, 2022
- Modified: Nov. 21, 2024