Latest CVE Feed
-
9.8
CRITICALCVE-2022-23535
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from `BsonDocument` to POCO classes. Whe... Read more
Affected Products : litedb- Published: Feb. 24, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23484
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workaroun... Read more
- Published: Dec. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23457
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the ... Read more
Affected Products : active_iq_unified_manager weblogic_server oncommand_workflow_automation enterprise_security_api- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23305
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipu... Read more
Affected Products : business_intelligence weblogic_server identity_manager_connector snapmanager mysql_enterprise_monitor hyperion_data_relationship_management tuxedo business_process_management_suite communications_instant_messaging_server communications_offline_mediation_controller +18 more products- Published: Jan. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23399
A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packe... Read more
- Published: Aug. 05, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23167
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED.... Read more
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23477
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users... Read more
- Published: Dec. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23125
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len eleme... Read more
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23219
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a... Read more
Affected Products : debian_linux communications_cloud_native_core_network_repository_function communications_cloud_native_core_unified_data_repository glibc communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function communications_cloud_native_core_security_edge_protection_proxy enterprise_operations_monitor- Published: Jan. 14, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-23124
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results ... Read more
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23402
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00... Read more
- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23364
HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.... Read more
Affected Products : hms- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23170
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending ... Read more
Affected Products : okta_sso- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23088
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may ove... Read more
Affected Products : freebsd- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
9.8
CRITICALCVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).... Read more
Affected Products : ox_app_suite- Published: Jul. 27, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23168
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'--... Read more
Affected Products : mobile_application_gateway- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23121
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from th... Read more
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need... Read more
- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring ... Read more
Affected Products : weblogic_server communications_policy_management jdk communications_cloud_native_core_network_slice_selection_function retail_customer_management_and_segmentation_foundation communications_cloud_native_core_network_repository_function mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository retail_bulk_data_integration retail_xstore_point_of_service +29 more products- Actively Exploited
- Published: Apr. 01, 2022
- Modified: Apr. 10, 2025
-
9.8
CRITICALCVE-2022-22978
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular express... Read more
- Published: May. 19, 2022
- Modified: Nov. 21, 2024