Latest CVE Feed
-
9.8
CRITICALCVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to lo... Read more
Affected Products : communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository retail_xstore_point_of_service communications_cloud_native_core_policy banking_virtual_account_management sd-wan_edge banking_corporate_lending_process_management banking_credit_facilities_process_management +18 more products- Actively Exploited
- Published: Apr. 01, 2022
- Modified: Mar. 13, 2025
-
9.8
CRITICALCVE-2022-22929
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.... Read more
Affected Products : mcms- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22806
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prio... Read more
Affected Products : smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_1015_ups smc_series_1018_ups +6 more products- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22912
Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution.... Read more
Affected Products : plist- Published: Feb. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22955
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the au... Read more
- Published: Apr. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22805
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Seri... Read more
Affected Products : smt_series_1015_ups_firmware smc_series_1018_ups_firmware smtl_series_1026_ups_firmware scl_series_1029_ups_firmware scl_series_1030_ups_firmware scl_series_1036_ups_firmware scl_series_1037_ups_firmware smx_series_1031_ups_firmware smt_series_1015_ups smc_series_1018_ups +6 more products- Published: Mar. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22730
Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more
Affected Products : edge_insights_for_industrial- Published: Aug. 18, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22922
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.... Read more
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22813
A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated... Read more
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22731
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and... Read more
Affected Products : ecostruxure_power_commission- Published: Jan. 30, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22720
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling... Read more
Affected Products : fedora zfs_storage_appliance_kit debian_linux macos http_server enterprise_manager_ops_center mac_os_x http_server- Published: Mar. 14, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22642
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.... Read more
- Published: Mar. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22641
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.... Read more
- Published: Mar. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22532
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory b... Read more
Affected Products : netweaver_application_server_java- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22485
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit... Read more
Affected Products : linux_kernel aix windows spectrum_protect_operations_center spectrum_protect_server- Published: Jun. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22487
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability usin... Read more
- Published: Jun. 30, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22455
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM... Read more
Affected Products : security_verify_governance- Published: Aug. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22466
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID:... Read more
Affected Products : security_verify_governance- Published: Oct. 23, 2023
- Modified: Nov. 21, 2024