Latest CVE Feed
-
9.8
CRITICALCVE-2022-23219
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a... Read more
Affected Products : debian_linux communications_cloud_native_core_network_repository_function communications_cloud_native_core_unified_data_repository glibc communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function communications_cloud_native_core_security_edge_protection_proxy enterprise_operations_monitor- Published: Jan. 14, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-23124
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results ... Read more
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23402
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00... Read more
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23364
HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.... Read more
Affected Products : hms- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23170
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending ... Read more
Affected Products : okta_sso- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23088
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may ove... Read more
Affected Products : freebsd- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
9.8
CRITICALCVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).... Read more
Affected Products : ox_app_suite- Published: Jul. 27, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23168
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--... Read more
Affected Products : mobile_application_gateway- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23121
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from th... Read more
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need... Read more
- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring ... Read more
Affected Products : weblogic_server communications_policy_management jdk communications_cloud_native_core_network_slice_selection_function retail_customer_management_and_segmentation_foundation communications_cloud_native_core_network_repository_function mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository retail_bulk_data_integration retail_xstore_point_of_service +29 more products- Actively Exploited
- Published: Apr. 01, 2022
- Modified: Apr. 10, 2025
-
9.8
CRITICALCVE-2022-22978
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular express... Read more
- Published: May. 19, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to lo... Read more
Affected Products : communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository retail_xstore_point_of_service communications_cloud_native_core_policy banking_virtual_account_management sd-wan_edge banking_corporate_lending_process_management banking_credit_facilities_process_management +18 more products- Actively Exploited
- Published: Apr. 01, 2022
- Modified: Mar. 13, 2025
-
9.8
CRITICALCVE-2022-22929
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.... Read more
Affected Products : mcms- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22806
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prio... Read more
Affected Products : smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_1015_ups smc_series_1018_ups +6 more products- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22912
Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution.... Read more
Affected Products : plist- Published: Feb. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22955
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the au... Read more
- Published: Apr. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22805
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Seri... Read more
Affected Products : smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_1015_ups smc_series_1018_ups +6 more products- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22730
Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more
Affected Products : edge_insights_for_industrial- Published: Aug. 18, 2022
- Modified: May. 05, 2025