| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2022-26002 | A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Ne... | E | |
| CVE-2022-26006 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged u... | | |
| CVE-2022-26007 | An OS command injection vulnerability exists in the console factory functionality of InHand Networks... | E | |
| CVE-2022-26009 | A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functiona... | E | |
| CVE-2022-26013 | Delta Electronics DIAEnergie SQL Injection in DIAE_dmdsetHandler.ashx | S | |
| CVE-2022-26017 | Improper access control in the Intel(R) DSA software for before version 22.2.14 may allow an authent... | S | |
| CVE-2022-26019 | Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions p... | S | |
| CVE-2022-26020 | An information disclosure vulnerability exists in the router configuration export functionality of I... | E | |
| CVE-2022-26022 | Rockwell Automation Studio 5000 Logix Designer Out-of-Bounds Write | S | |
| CVE-2022-26023 | A leftover debug code vulnerability exists in the console verify functionality of InHand Networks In... | E | |
| CVE-2022-26024 | Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC... | | |
| CVE-2022-26026 | A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open ... | E | |
| CVE-2022-26027 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26028 | Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may all... | | |
| CVE-2022-26031 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26032 | Uncontrolled search path element in the Intel(R) Distribution for Python programming language before... | | |
| CVE-2022-26034 | Improper authentication vulnerability in the communication protocol provided by AD (Automation Desig... | | |
| CVE-2022-26037 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-26038 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-26039 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26041 | Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker w... | | |
| CVE-2022-26042 | An OS command injection vulnerability exists in the daretools binary functionality of InHand Network... | E | |
| CVE-2022-26043 | An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of... | E | |
| CVE-2022-26045 | Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_0... | | |
| CVE-2022-26047 | Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer... | | |
| CVE-2022-26049 | Arbitrary File Write via Archive Extraction (Zip Slip) | E S | |
| CVE-2022-26051 | Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote... | | |
| CVE-2022-26052 | Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneA... | | |
| CVE-2022-26053 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26054 | Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote a... | | |
| CVE-2022-26055 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26056 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-26057 | Mint WorkBench Link Following Local Privilege Escalation Vulnerability | S | |
| CVE-2022-26058 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26059 | Delta Electronics DIAEnergie SQL Injection in GetQueryData | S | |
| CVE-2022-26061 | A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 ... | E | |
| CVE-2022-26062 | Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 ... | | |
| CVE-2022-26065 | Delta Electronics DIAEnergie SQL Injection in GetLatestDemandNode and GetDemandAnalysisData | S | |
| CVE-2022-26067 | An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality o... | E | |
| CVE-2022-26068 | Path Traversal | E | |
| CVE-2022-26069 | Delta Electronics DIAEnergie SQL Injection in HandlerPage_KID.ashx | S | |
| CVE-2022-26070 | Error message discloses internal path | | |
| CVE-2022-26071 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | | |
| CVE-2022-26072 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-26073 | A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker ... | E | |
| CVE-2022-26074 | Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 an... | | |
| CVE-2022-26075 | An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand N... | E | |
| CVE-2022-26076 | Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version ... | | |
| CVE-2022-26077 | A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configurati... | E | |
| CVE-2022-26078 | Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets wi... | | |
| CVE-2022-26079 | Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2... | | |
| CVE-2022-26080 | Easily guessable session ID's in NE843 Pulsar Plus Controller | | |
| CVE-2022-26081 | The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to ... | | |
| CVE-2022-26082 | A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automa... | E M | |
| CVE-2022-26083 | Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before ver... | | |
| CVE-2022-26084 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-26085 | An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Network... | E | |
| CVE-2022-26086 | Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.... | | |
| CVE-2022-26087 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26088 | An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote aut... | E | |
| CVE-2022-26090 | Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that... | | |
| CVE-2022-26091 | Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that phy... | | |
| CVE-2022-26092 | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code ... | | |
| CVE-2022-26093 | Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-... | | |
| CVE-2022-26094 | Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-... | | |
| CVE-2022-26095 | Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-... | | |
| CVE-2022-26096 | Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-... | | |
| CVE-2022-26097 | Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior... | | |
| CVE-2022-26098 | Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR ... | | |
| CVE-2022-26099 | Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-... | | |
| CVE-2022-26100 | SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a resu... | | |
| CVE-2022-26101 | Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resul... | E | |
| CVE-2022-26102 | Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 7... | | |
| CVE-2022-26103 | Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an at... | | |
| CVE-2022-26104 | SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for upda... | | |
| CVE-2022-26105 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible ... | | |
| CVE-2022-26106 | When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrust... | | |
| CVE-2022-26107 | When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sour... | | |
| CVE-2022-26108 | When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in S... | | |
| CVE-2022-26109 | When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted... | | |
| CVE-2022-26110 | An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0... | | |
| CVE-2022-26111 | The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the tar... | E | |
| CVE-2022-26112 | Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support | S | |
| CVE-2022-26113 | An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through... | S | |
| CVE-2022-26114 | An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail... | | |
| CVE-2022-26115 | A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbo... | S | |
| CVE-2022-26116 | Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerab... | | |
| CVE-2022-26117 | An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below,... | S | |
| CVE-2022-26118 | A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 t... | S | |
| CVE-2022-26119 | A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker w... | S | |
| CVE-2022-26120 | Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulner... | | |
| CVE-2022-26121 | An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GU... | | |
| CVE-2022-26122 | An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail ... | S | |
| CVE-2022-26123 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26124 | Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC 8 Boards, I... | S | |
| CVE-2022-26125 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input pa... | E | |
| CVE-2022-26126 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non... | E | |
| CVE-2022-26127 | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the inpu... | E | |
| CVE-2022-26128 | A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input ... | E | |
| CVE-2022-26129 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv l... | E | |
| CVE-2022-26130 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | | |
| CVE-2022-26131 | ICSA-22-063-01 Improper Protection against Electromagnetic Fault Injection in Trailer Power Line Communications (PLC) J2497 | M | |
| CVE-2022-26133 | SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before... | S | |
| CVE-2022-26134 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists th... | KEV E S | |
| CVE-2022-26135 | A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user... | M | |
| CVE-2022-26136 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass S... | S | |
| CVE-2022-26137 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause ad... | S | |
| CVE-2022-26138 | The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluenc... | KEV S | |
| CVE-2022-26143 | The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Expres... | KEV E M | |
| CVE-2022-26144 | An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows exe... | | |
| CVE-2022-26146 | Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.... | | |
| CVE-2022-26147 | The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection.... | E | |
| CVE-2022-26148 | An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password c... | E | |
| CVE-2022-26149 | MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary cod... | E | |
| CVE-2022-26151 | Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command ... | | |
| CVE-2022-26155 | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can ... | | |
| CVE-2022-26156 | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injectio... | | |
| CVE-2022-26157 | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.... | | |
| CVE-2022-26158 | An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accep... | | |
| CVE-2022-26159 | The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to re... | E | |
| CVE-2022-26169 | Air Cargo Management System v1.0 was discovered to contain a SQL injection vulnerability via the ref... | E | |
| CVE-2022-26170 | Simple Mobile Comparison Website v1.0 was discovered to contain a SQL injection vulnerability via th... | E | |
| CVE-2022-26171 | Bank Management System v1.o was discovered to contain a SQL injection vulnerability via the email pa... | E | |
| CVE-2022-26173 | JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:p... | E | |
| CVE-2022-26174 | A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute a... | E S | |
| CVE-2022-26180 | qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.... | E | |
| CVE-2022-26181 | Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function ... | E | |
| CVE-2022-26183 | PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the applicati... | E S | |
| CVE-2022-26184 | Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the applicat... | S | |
| CVE-2022-26186 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability v... | E | |
| CVE-2022-26187 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability v... | E | |
| CVE-2022-26188 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability v... | E | |
| CVE-2022-26189 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability v... | E | |
| CVE-2022-26197 | Joget DX 7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Datalist tab... | E | |
| CVE-2022-26198 | Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a craf... | E | |
| CVE-2022-26200 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2022-26201 | Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.... | E | |
| CVE-2022-26205 | Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability... | | |
| CVE-2022-26206 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903,... | E | |
| CVE-2022-26207 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903,... | E | |
| CVE-2022-26208 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903,... | E | |
| CVE-2022-26209 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903,... | E | |
| CVE-2022-26210 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903,... | E | |
| CVE-2022-26211 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903,... | E | |
| CVE-2022-26212 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903,... | E | |
| CVE-2022-26213 | Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulner... | E | |
| CVE-2022-26214 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903,... | E | |
| CVE-2022-26233 | Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to direct... | E | |
| CVE-2022-26235 | A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Se... | | |
| CVE-2022-26236 | The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter R... | | |
| CVE-2022-26237 | The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Adv... | | |
| CVE-2022-26238 | The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Ad... | | |
| CVE-2022-26239 | The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Ad... | | |
| CVE-2022-26240 | The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Adv... | | |
| CVE-2022-26243 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerMana... | E | |
| CVE-2022-26244 | A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 ... | E | |
| CVE-2022-26245 | Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName i... | E | |
| CVE-2022-26246 | TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /T... | E | |
| CVE-2022-26247 | TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2... | E | |
| CVE-2022-26249 | Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to e... | E | |
| CVE-2022-26250 | Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated at... | E | |
| CVE-2022-26251 | The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to exec... | E | |
| CVE-2022-26252 | aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows at... | E | |
| CVE-2022-26254 | WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control... | E | |
| CVE-2022-26255 | Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload inj... | E | |
| CVE-2022-26258 | D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via H... | KEV E | |
| CVE-2022-26259 | A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, ... | E | |
| CVE-2022-26260 | Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().... | E | |
| CVE-2022-26263 | Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via t... | E | |
| CVE-2022-26265 | Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerabili... | E | |
| CVE-2022-26266 | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.... | E | |
| CVE-2022-26267 | Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/main... | E | |
| CVE-2022-26268 | Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /... | E | |
| CVE-2022-26269 | Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages.... | E | |
| CVE-2022-26271 | 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter... | E | |
| CVE-2022-26272 | A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary... | E | |
| CVE-2022-26273 | EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to p... | | |
| CVE-2022-26276 | An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.... | | |
| CVE-2022-26278 | Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the Po... | E | |
| CVE-2022-26279 | EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.... | E | |
| CVE-2022-26280 | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_... | E | |
| CVE-2022-26281 | BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.... | E | |
| CVE-2022-26283 | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id ... | E | |
| CVE-2022-26284 | Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the... | E | |
| CVE-2022-26285 | Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id ... | E | |
| CVE-2022-26289 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
| CVE-2022-26290 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
| CVE-2022-26291 | lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions z... | E S | |
| CVE-2022-26293 | Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability v... | E | |
| CVE-2022-26295 | A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Managem... | E | |
| CVE-2022-26296 | BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized... | E S | |
| CVE-2022-26300 | EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin.... | E | |
| CVE-2022-26301 | TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\... | E | |
| CVE-2022-26302 | Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' ve... | | |
| CVE-2022-26303 | An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Ope... | E M | |
| CVE-2022-26304 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-26305 | Execution of Untrusted Macros Due to Improper Certificate Validation | | |
| CVE-2022-26306 | Execution of Untrusted Macros Due to Improper Certificate Validation | | |
| CVE-2022-26307 | Weak Master Keys | | |
| CVE-2022-26308 | Improper Access Control in Configuration (Credential store) | S | |
| CVE-2022-26309 | Cross-Site Request en Bulk operation (User operation) | S | |
| CVE-2022-26310 | Improper Authorization in User Management to Vertical Privilege Escalation | S | |
| CVE-2022-26311 | Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secret... | | |
| CVE-2022-26313 | A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.... | S | |
| CVE-2022-26314 | A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.... | S | |
| CVE-2022-26315 | qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by t... | E | |
| CVE-2022-26317 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29).... | | |
| CVE-2022-26318 | On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FB... | KEV | |
| CVE-2022-26319 | An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.... | S | |
| CVE-2022-26320 | The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xe... | M | |
| CVE-2022-26322 | Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager | | |
| CVE-2022-26323 | Incorrect Use of Privileged vulnerability has been discovered on OpenText™ UCMDB and Operation Bridge Manager product. | S | |
| CVE-2022-26324 | Possible XSS in iManager URL for access Component | | |
| CVE-2022-26325 | Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2 | M | |
| CVE-2022-26326 | Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2 | M | |
| CVE-2022-26327 | Stored cross-site scripting (XSS) has been discovered in OpenText™ Performance Center | S | |
| CVE-2022-26328 | User enumeration vulnerability has been discovered in OpenText™ Performance Center | S | |
| CVE-2022-26329 | File existence disclosue vulnerability in IDM plugin | M | |
| CVE-2022-26330 | Potential vulnerability has been identified in Micro Focus ArcSight Logger. The vulnerability could be remotely exploited resulting in Information Disclosure. | S | |
| CVE-2022-26331 | Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Self Cross-Site Scripting (XSS). | S | |
| CVE-2022-26332 | Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.... | E | |
| CVE-2022-26333 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2022-26334 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated... | S | |
| CVE-2022-26335 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated... | S | |
| CVE-2022-26336 | A carefully crafted TNEF file can cause an out of memory exception | | |
| CVE-2022-26337 | Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an U... | S | |
| CVE-2022-26338 | Delta Electronics DIAEnergie SQL Injection in DIAE_hierarchyHandler.ashx | S | |
| CVE-2022-26339 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26340 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | | |
| CVE-2022-26341 | Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(... | S | |
| CVE-2022-26342 | A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL ... | E | |
| CVE-2022-26343 | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged use... | | |
| CVE-2022-26344 | Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow... | | |
| CVE-2022-26345 | Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may all... | | |
| CVE-2022-26346 | A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi... | E | |
| CVE-2022-26347 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26348 | Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields o... | | |
| CVE-2022-26349 | Delta Electronics DIAEnergie SQL Injection in DIAE_eccoefficientHandler.ashx | S | |
| CVE-2022-26351 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26320. Reason: This candidat... | R | |
| CVE-2022-26352 | An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft ... | KEV E | |
| CVE-2022-26353 | A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the f... | S | |
| CVE-2022-26354 | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not det... | S | |
| CVE-2022-26355 | Citrix Federated Authentication Service (FAS) | | |
| CVE-2022-26356 | Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirt... | S | |
| CVE-2022-26357 | race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for on... | S | |
| CVE-2022-26358 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to mu... | S | |
| CVE-2022-26359 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to mu... | S | |
| CVE-2022-26360 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to mu... | S | |
| CVE-2022-26361 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to mu... | S | |
| CVE-2022-26362 | x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in add... | S | |
| CVE-2022-26363 | x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multipl... | S | |
| CVE-2022-26364 | x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multipl... | E S | |
| CVE-2022-26365 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text ... | S | |
| CVE-2022-26366 | WordPress AdRotate Banner Manager Plugin <= 5.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
| CVE-2022-26367 | Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_0... | | |
| CVE-2022-26368 | Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon... | | |
| CVE-2022-26369 | Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 ... | | |
| CVE-2022-26370 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions... | | |
| CVE-2022-26372 | On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions p... | | |
| CVE-2022-26373 | Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may... | | |
| CVE-2022-26374 | Uncontrolled search path in the installation binaries for Intel(R) SEAPI all versions may allow an a... | | |
| CVE-2022-26375 | WordPress AB Press Optimizer plugin <= 1.1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | | |
| CVE-2022-26376 | A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0... | E | |
| CVE-2022-26377 | mod_proxy_ajp: Possible request smuggling | | |
| CVE-2022-26380 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated... | S | |
| CVE-2022-26381 | An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to ... | E | |
| CVE-2022-26382 | While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was re... | E | |
| CVE-2022-26383 | When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen... | | |
| CVE-2022-26384 | If an attacker could control the contents of an iframe sandboxed with allow-popups but ... | E | |
| CVE-2022-26385 | In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. Thi... | E | |
| CVE-2022-26386 | Previously Firefox for macOS and Linux would download temporary files to a user-specific directory i... | E | |
| CVE-2022-26387 | When installing an add-on, Firefox verified the signature before prompting the user; but while the u... | E | |
| CVE-2022-26388 | Use of Hard-Coded Password Vulnerability in ELI Electrocardiograph Devices | S | |
| CVE-2022-26389 | Improper Access Control Vulnerability in ELI Electrocardiograph Devices | S | |
| CVE-2022-26390 | Unencrypted internal storage of security credentials | | |
| CVE-2022-26392 | Format String vulnerability | | |
| CVE-2022-26393 | Format String vulnerability | | |
| CVE-2022-26394 | Unauthenticated network reconfiguration via TCP/UDP | | |
| CVE-2022-26413 | A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABF... | | |
| CVE-2022-26414 | A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312... | | |
| CVE-2022-26415 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | | |
| CVE-2022-26416 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26417 | Rockwell Automation Studio 5000 Logix Designer Use After Free | S | |
| CVE-2022-26418 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2022.... | R | |
| CVE-2022-26419 | Rockwell Automation Studio 5000 Logix Designer Code Injection | S | |
| CVE-2022-26420 | An OS command injection vulnerability exists in the console infactory_port functionality of InHand N... | E | |
| CVE-2022-26421 | Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 20... | | |
| CVE-2022-26423 | MISSING AUTHORIZATION CWE-862 | | |
| CVE-2022-26424 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-26425 | Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) b... | | |
| CVE-2022-26426 | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lea... | | |
| CVE-2022-26427 | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lea... | | |
| CVE-2022-26428 | In video codec, there is a possible memory corruption due to a race condition. This could lead to lo... | | |
| CVE-2022-26429 | In cta, there is a possible way to write permission usage records of an app due to a missing permiss... | | |
| CVE-2022-26430 | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local ... | | |
| CVE-2022-26431 | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead t... | | |
| CVE-2022-26432 | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead t... | | |
| CVE-2022-26433 | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local ... | | |
| CVE-2022-26434 | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead t... | | |
| CVE-2022-26435 | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local ... | | |
| CVE-2022-26436 | In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to... | | |
| CVE-2022-26437 | In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to... | | |
| CVE-2022-26438 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2022-26439 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2022-26440 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2022-26441 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2022-26442 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2022-26443 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2022-26444 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2022-26445 | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2022-26446 | In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead ... | | |
| CVE-2022-26447 | In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
| CVE-2022-26448 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to... | | |
| CVE-2022-26449 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to... | | |
| CVE-2022-26450 | In apusys, there is a possible use after free due to a race condition. This could lead to local esca... | | |
| CVE-2022-26451 | In ged, there is a possible use after free due to improper locking. This could lead to local escalat... | | |
| CVE-2022-26452 | In isp, there is a possible use after free due to improper locking. This could lead to local escalat... | | |
| CVE-2022-26453 | In teei, there is a possible memory corruption due to a use after free. This could lead to local esc... | | |
| CVE-2022-26454 | In teei, there is a possible memory corruption due to an integer overflow. This could lead to local ... | | |
| CVE-2022-26455 | In gz, there is a possible memory corruption due to incorrect error handling. This could lead to loc... | | |
| CVE-2022-26456 | In vow, there is a possible information disclosure due to a symbolic link following. This could lead... | | |
| CVE-2022-26457 | In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to lo... | | |
| CVE-2022-26458 | In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to lo... | | |
| CVE-2022-26459 | In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local ... | | |
| CVE-2022-26460 | In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to... | | |
| CVE-2022-26461 | In vow, there is a possible undefined behavior due to an API misuse. This could lead to local escala... | | |
| CVE-2022-26462 | In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to ... | | |
| CVE-2022-26463 | In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to ... | | |
| CVE-2022-26464 | In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to... | | |
| CVE-2022-26465 | In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. This could l... | | |
| CVE-2022-26466 | In audio ipi, there is a possible out of bounds write due to an integer overflow. This could lead to... | | |
| CVE-2022-26467 | In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead t... | | |
| CVE-2022-26468 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This coul... | | |
| CVE-2022-26469 | In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead ... | | |
| CVE-2022-26470 | In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to... | | |
| CVE-2022-26471 | In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This coul... | | |
| CVE-2022-26472 | In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead... | | |
| CVE-2022-26473 | In vdec fmt, there is a possible use after free due to improper locking. This could lead to local es... | | |
| CVE-2022-26474 | In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size... | | |
| CVE-2022-26475 | In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to l... | | |
| CVE-2022-26476 | A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Po... | | |
| CVE-2022-26477 | Denial of service in readExternal method | | |
| CVE-2022-26479 | An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (wh... | E | |
| CVE-2022-26481 | An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of... | E | |
| CVE-2022-26482 | An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can... | E | |
| CVE-2022-26483 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.... | S | |
| CVE-2022-26484 | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.... | S | |
| CVE-2022-26485 | Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We ha... | KEV E | |
| CVE-2022-26486 | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable san... | KEV E | |
| CVE-2022-26487 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26143. Reason: This candidat... | R | |
| CVE-2022-26488 | In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inade... | | |
| CVE-2022-26490 | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.1... | S | |
| CVE-2022-26491 | An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can r... | S | |
| CVE-2022-26493 | miniOrange SAML Authentication Bypass | S | |
| CVE-2022-26494 | An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript cod... | | |
| CVE-2022-26495 | In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer ov... | E | |
| CVE-2022-26496 | In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a bu... | E | |
| CVE-2022-26497 | BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaSc... | E S | |
| CVE-2022-26498 | An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download... | S | |
| CVE-2022-26499 | An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send... | S | |
| CVE-2022-26500 | Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows r... | KEV | |
| CVE-2022-26501 | Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).... | KEV | |
| CVE-2022-26502 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2022-26503 | Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allo... | | |
| CVE-2022-26504 | Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for ... | | |
| CVE-2022-26505 | A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to e... | S | |
| CVE-2022-26507 | A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A c... | M | |
| CVE-2022-26508 | Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated u... | S | |
| CVE-2022-26509 | Improper conditions check in the Intel(R) SGX SDK software may allow a privileged user to potentiall... | | |
| CVE-2022-26510 | A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks... | E | |
| CVE-2022-26511 | WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory... | | |
| CVE-2022-26512 | Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before... | | |
| CVE-2022-26513 | Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00... | | |
| CVE-2022-26514 | Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx | S | |
| CVE-2022-26515 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
| CVE-2022-26516 | ICSA-22-104-03 Red Lion DA50N | M | |
| CVE-2022-26517 | On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versio... | | |
| CVE-2022-26518 | An OS command injection vulnerability exists in the console infactory_net functionality of InHand Ne... | E | |
| CVE-2022-26519 | Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts | S | |
| CVE-2022-26520 | In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.lo... | S | |
| CVE-2022-26521 | Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by upl... | E | |
| CVE-2022-26526 | Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can c... | E | |
| CVE-2022-26527 | Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow | S | |
| CVE-2022-26528 | Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow | S | |
| CVE-2022-26529 | Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow | S | |
| CVE-2022-26530 | swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland com... | S | |
| CVE-2022-26531 | Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL se... | | |
| CVE-2022-26532 | A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firm... | | |
| CVE-2022-26533 | Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:... | E | |
| CVE-2022-26534 | FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malici... | E | |
| CVE-2022-26536 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
| CVE-2022-26546 | Hospital Management System v1.0 was discovered to lack an authorization component, allowing attacker... | E | |
| CVE-2022-26555 | A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows... | E | |
| CVE-2022-26562 | An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which al... | E | |
| CVE-2022-26563 | An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated... | S | |
| CVE-2022-26564 | HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via ... | E | |
| CVE-2022-26565 | A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allo... | E S | |
| CVE-2022-26572 | Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to pri... | | |
| CVE-2022-26573 | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities i... | E | |
| CVE-2022-26579 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker t... | | |
| CVE-2022-26580 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific co... | | |
| CVE-2022-26581 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to ... | | |
| CVE-2022-26582 | PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root acc... | | |
| CVE-2022-26585 | Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list.... | E | |
| CVE-2022-26588 | A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users o... | E | |
| CVE-2022-26589 | A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.... | | |
| CVE-2022-26591 | FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download ar... | E | |
| CVE-2022-26592 | Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function... | E | |
| CVE-2022-26593 | Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay ... | | |
| CVE-2022-26594 | Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Lifer... | S | |
| CVE-2022-26595 | Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not... | | |
| CVE-2022-26596 | Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page ... | | |
| CVE-2022-26597 | Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Po... | | |
| CVE-2022-26605 | eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality... | E | |
| CVE-2022-26607 | A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attack... | E | |
| CVE-2022-26612 | Arbitrary file write in FileUtil#unpackEntries on Windows | E | |
| CVE-2022-26613 | PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in c... | E | |
| CVE-2022-26615 | A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows ... | E | |
| CVE-2022-26616 | PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scr... | M | |
| CVE-2022-26619 | Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment... | E | |
| CVE-2022-26620 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2022-26624 | Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability vi... | E | |
| CVE-2022-26627 | Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnera... | E | |
| CVE-2022-26628 | Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.... | E | |
| CVE-2022-26629 | An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security ... | E | |
| CVE-2022-26630 | Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.... | E | |
| CVE-2022-26631 | Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQL injection vulnerability via ... | S | |
| CVE-2022-26632 | Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection... | E | |
| CVE-2022-26633 | Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerab... | E | |
| CVE-2022-26634 | HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges ... | E | |
| CVE-2022-26635 | PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execu... | E | |
| CVE-2022-26639 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter... | E | |
| CVE-2022-26640 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter... | E | |
| CVE-2022-26641 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort param... | E | |
| CVE-2022-26642 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddres... | E | |
| CVE-2022-26643 | An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.... | E | |
| CVE-2022-26644 | Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vul... | E | |
| CVE-2022-26645 | A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers t... | E | |
| CVE-2022-26646 | Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerabil... | E | |
| CVE-2022-26647 | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3... | S | |
| CVE-2022-26648 | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3... | S | |
| CVE-2022-26649 | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3... | S | |
| CVE-2022-26650 | Apache ShenYu (incubating) Regular expression denial of service | S | |
| CVE-2022-26651 | An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The fun... | | |
| CVE-2022-26652 | NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP... | | |
| CVE-2022-26653 | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (... | E | |
| CVE-2022-26654 | Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.... | | |
| CVE-2022-26655 | Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attacker... | | |
| CVE-2022-26656 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumera... | | |
| CVE-2022-26657 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.... | | |
| CVE-2022-26659 | Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any adm... | | |
| CVE-2022-26660 | RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by R... | | |
| CVE-2022-26661 | An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through ... | E | |
| CVE-2022-26662 | An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x throu... | S | |
| CVE-2022-26665 | An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20... | E | |
| CVE-2022-26666 | Delta Electronics DIAEnergie SQL Injection in HandlerDialogECC.ashx | S | |
| CVE-2022-26667 | Delta Electronics DIAEnergie SQL Injection in GetDemandAnalysisData | S | |
| CVE-2022-26668 | ASUS Control Center - Broken Access Control | S | |
| CVE-2022-26669 | ASUS Control Center - SQL Injection | S | |
| CVE-2022-26670 | D-Link DIR-878 - Command Injection | S | |
| CVE-2022-26671 | TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials | S | |
| CVE-2022-26672 | ASUS WebStorage - Use of Hard-coded Credentials | S | |
| CVE-2022-26673 | ASUS RT-AX88U - Stored XSS | S | |
| CVE-2022-26674 | ASUS RT-AX88U - Format String | S | |
| CVE-2022-26675 | aEnrich a+HRD - Path Traversal | S | |
| CVE-2022-26676 | aEnrich a+HRD - Broken Access Control | S | |
| CVE-2022-26688 | An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in ... | | |
| CVE-2022-26689 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2022-26690 | Description: A race condition was addressed with additional validation. This issue is fixed in macOS... | | |
| CVE-2022-26691 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2... | S | |
| CVE-2022-26692 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2022-26693 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in... | | |
| CVE-2022-26694 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in... | | |
| CVE-2022-26696 | This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monter... | | |
| CVE-2022-26697 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Sec... | | |
| CVE-2022-26698 | An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Secu... | | |
| CVE-2022-26699 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.... | | |
| CVE-2022-26700 | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS ... | | |
| CVE-2022-26701 | A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monter... | | |
| CVE-2022-26702 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS... | | |
| CVE-2022-26703 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5... | | |
| CVE-2022-26704 | A validation issue existed in the handling of symlinks and was addressed with improved validation of... | | |
| CVE-2022-26705 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2022-26706 | An access issue was addressed with additional sandbox restrictions on third-party applications. This... | | |
| CVE-2022-26707 | An issue in the handling of environment variables was addressed with improved validation. This issue... | | |
| CVE-2022-26708 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attack... | | |
| CVE-2022-26709 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15... | | |
| CVE-2022-26710 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.... | | |
| CVE-2022-26711 | An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS ... | | |
| CVE-2022-26712 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4... | | |
| CVE-2022-26714 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, ... | | |
| CVE-2022-26715 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Sec... | | |
| CVE-2022-26716 | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS ... | | |
| CVE-2022-26717 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15... | | |
| CVE-2022-26718 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in mac... | | |
| CVE-2022-26719 | A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS ... | | |
| CVE-2022-26720 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Sec... | | |
| CVE-2022-26721 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalin... | | |
| CVE-2022-26722 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalin... | | |
| CVE-2022-26723 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS... | | |
| CVE-2022-26724 | An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15... | | |
| CVE-2022-26725 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12... | | |
| CVE-2022-26726 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catal... | | |
| CVE-2022-26727 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004... | | |
| CVE-2022-26728 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004... | | |
| CVE-2022-26729 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2022-26730 | A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with i... | | |
| CVE-2022-26731 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12... | | |
| CVE-2022-26732 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2022-26733 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2022-26734 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2022-26735 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2022-26736 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
| CVE-2022-26737 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
| CVE-2022-26738 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
| CVE-2022-26739 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
| CVE-2022-26740 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
| CVE-2022-26741 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo... | | |
| CVE-2022-26742 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo... | | |
| CVE-2022-26743 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
| CVE-2022-26744 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1... | | |
| CVE-2022-26745 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big S... | | |
| CVE-2022-26746 | This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 202... | | |
| CVE-2022-26747 | This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able... | | |
| CVE-2022-26748 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Se... | | |
| CVE-2022-26749 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo... | | |
| CVE-2022-26750 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo... | | |
| CVE-2022-26751 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iTune... | | |
| CVE-2022-26752 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo... | | |
| CVE-2022-26753 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo... | | |
| CVE-2022-26754 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo... | | |
| CVE-2022-26755 | This issue was addressed with improved environment sanitization. This issue is fixed in Security Upd... | | |
| CVE-2022-26756 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Se... | | |
| CVE-2022-26757 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15... | | |
| CVE-2022-26760 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1... | | |
| CVE-2022-26761 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Securi... | | |
| CVE-2022-26762 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS ... | | |
| CVE-2022-26763 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tv... | | |
| CVE-2022-26764 | A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6... | | |
| CVE-2022-26765 | A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvO... | | |
| CVE-2022-26766 | A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iO... | | |
| CVE-2022-26767 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12... | | |
| CVE-2022-26768 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS... | | |
| CVE-2022-26769 | A memory corruption issue was addressed with improved input validation. This issue is fixed in Secur... | | |
| CVE-2022-26770 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Sec... | | |
| CVE-2022-26771 | A memory corruption issue was addressed with improved state management. This issue is fixed in watch... | | |
| CVE-2022-26772 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS... | | |
| CVE-2022-26773 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 fo... | | |
| CVE-2022-26774 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 fo... | | |
| CVE-2022-26775 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Up... | | |
| CVE-2022-26776 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big... | | |
| CVE-2022-26777 | Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.... | E | |
| CVE-2022-26778 | Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registr... | | |
| CVE-2022-26779 | Apache Cloudstack insecure random number generation affects project email invitation | E S | |
| CVE-2022-26780 | Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functional... | E | |
| CVE-2022-26781 | Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functional... | E | |
| CVE-2022-26782 | Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functional... | E | |
| CVE-2022-26783 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | | |
| CVE-2022-26784 | Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability | | |
| CVE-2022-26785 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability | | |
| CVE-2022-26786 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26787 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability | | |
| CVE-2022-26789 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26790 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26791 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26792 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26793 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26794 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26795 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26796 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26797 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26798 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26801 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26802 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26803 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
| CVE-2022-26804 | Microsoft Office Graphics Remote Code Execution Vulnerability | | |
| CVE-2022-26805 | Microsoft Office Graphics Remote Code Execution Vulnerability | | |
| CVE-2022-26806 | Microsoft Office Graphics Remote Code Execution Vulnerability | | |
| CVE-2022-26807 | Windows Work Folder Service Elevation of Privilege Vulnerability | | |
| CVE-2022-26808 | Windows File Explorer Elevation of Privilege Vulnerability | | |
| CVE-2022-26809 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | | |
| CVE-2022-26810 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | | |
| CVE-2022-26811 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26812 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26813 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26814 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26815 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26816 | Windows DNS Server Information Disclosure Vulnerability | | |
| CVE-2022-26817 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26818 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26819 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26820 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26821 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26822 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26823 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26824 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26825 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26826 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26827 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | | |
| CVE-2022-26828 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | | |
| CVE-2022-26829 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2022-26830 | DiskUsage.exe Remote Code Execution Vulnerability | | |
| CVE-2022-26831 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | | |
| CVE-2022-26832 | .NET Framework Denial of Service Vulnerability | S | |
| CVE-2022-26833 | An improper authentication vulnerability exists in the REST API functionality of Open Automation Sof... | E M | |
| CVE-2022-26834 | Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a re... | | |
| CVE-2022-26835 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | | |
| CVE-2022-26836 | Delta Electronics DIAEnergie SQL Injection in HandlerExport.ashx/Calendar.ashx | S | |
| CVE-2022-26837 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged u... | | |
| CVE-2022-26838 | Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a... | | |
| CVE-2022-26839 | Delta Electronics DIAEnergie Incorrect Default Permissions | S | |
| CVE-2022-26840 | Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an... | | |
| CVE-2022-26841 | Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16... | | |
| CVE-2022-26842 | A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionalit... | E | |
| CVE-2022-26843 | Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Com... | | |
| CVE-2022-26844 | Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions... | | |
| CVE-2022-26845 | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12... | | |
| CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary cod... | S | |
| CVE-2022-26847 | SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial... | S | |
| CVE-2022-26850 | Insufficiently protected credentials | | |
| CVE-2022-26851 | Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerabi... | | |
| CVE-2022-26852 | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number gene... | | |
| CVE-2022-26853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
| CVE-2022-26854 | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unpriv... | | |
| CVE-2022-26855 | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerabili... | | |
| CVE-2022-26856 | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A lo... | | |
| CVE-2022-26857 | Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability.... | | |
| CVE-2022-26858 | Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicio... | | |
| CVE-2022-26859 | Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability... | | |
| CVE-2022-26860 | Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could explo... | | |
| CVE-2022-26861 | Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated m... | | |
| CVE-2022-26862 | Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated maliciou... | | |
| CVE-2022-26863 | Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated maliciou... | | |
| CVE-2022-26864 | Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated maliciou... | | |
| CVE-2022-26865 | Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability... | | |
| CVE-2022-26866 | Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A hi... | | |
| CVE-2022-26867 | PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data ... | | |
| CVE-2022-26868 | Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection fla... | | |
| CVE-2022-26869 | Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote ... | | |
| CVE-2022-26870 | Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenti... | S | |
| CVE-2022-26871 | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated re... | KEV S | |
| CVE-2022-26872 | Password reset interception via API | S | |
| CVE-2022-26873 | The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase. | E | |
| CVE-2022-26874 | lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice documen... | E S | |
| CVE-2022-26877 | Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the A... | | |
| CVE-2022-26878 | drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers ha... | S | |
| CVE-2022-26884 | Apache DolphinScheduler exposes files without authentication | | |
| CVE-2022-26885 | Apache DolphinScheduler config file read by task risk | | |
| CVE-2022-26887 | Delta Electronics DIAEnergie SQL Injection in DIAE_HandlerTag_KID.ashx | S | |
| CVE-2022-26888 | Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an au... | | |
| CVE-2022-26889 | Path Traversal in search parameter results in external content injection | | |
| CVE-2022-26890 | On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to ... | | |
| CVE-2022-26891 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | | |
| CVE-2022-26894 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | | |
| CVE-2022-26895 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | | |
| CVE-2022-26896 | Azure Site Recovery Information Disclosure Vulnerability | | |
| CVE-2022-26897 | Azure Site Recovery Information Disclosure Vulnerability | | |
| CVE-2022-26898 | Azure Site Recovery Remote Code Execution Vulnerability | | |
| CVE-2022-26899 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
| CVE-2022-26900 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | | |
| CVE-2022-26901 | Microsoft Excel Remote Code Execution Vulnerability | | |
| CVE-2022-26903 | Windows Graphics Component Remote Code Execution Vulnerability | | |
| CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability | KEV S | |
| CVE-2022-26905 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
| CVE-2022-26907 | Azure SDK for .NET Information Disclosure Vulnerability | | |
| CVE-2022-26908 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | | |
| CVE-2022-26909 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | | |
| CVE-2022-26910 | Skype for Business and Lync Spoofing Vulnerability | | |
| CVE-2022-26911 | Skype for Business Information Disclosure Vulnerability | | |
| CVE-2022-26912 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | | |
| CVE-2022-26913 | Windows Authentication Information Disclosure Vulnerability | S | |
| CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability | | |
| CVE-2022-26915 | Windows Secure Channel Denial of Service Vulnerability | | |
| CVE-2022-26916 | Windows Fax Compose Form Remote Code Execution Vulnerability | | |
| CVE-2022-26917 | Windows Fax Compose Form Remote Code Execution Vulnerability | | |
| CVE-2022-26918 | Windows Fax Compose Form Remote Code Execution Vulnerability | | |
| CVE-2022-26919 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | | |
| CVE-2022-26920 | Windows Graphics Component Information Disclosure Vulnerability | | |
| CVE-2022-26921 | Visual Studio Code Elevation of Privilege Vulnerability | | |
| CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | KEV S | |
| CVE-2022-26924 | YARP Denial of Service Vulnerability | | |
| CVE-2022-26925 | Windows LSA Spoofing Vulnerability | KEV S | |
| CVE-2022-26926 | Windows Address Book Remote Code Execution Vulnerability | S | |
| CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability | S | |
| CVE-2022-26928 | Windows Photo Import API Elevation of Privilege Vulnerability | | |
| CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability | S | |
| CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | S | |
| CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability | S | |
| CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability | S | |
| CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability | S | |
| CVE-2022-26934 | Windows Graphics Component Information Disclosure Vulnerability | S | |
| CVE-2022-26935 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability | S | |
| CVE-2022-26936 | Windows Server Service Information Disclosure Vulnerability | S | |
| CVE-2022-26937 | Windows Network File System Remote Code Execution Vulnerability | S | |
| CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability | S | |
| CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability | S | |
| CVE-2022-26940 | Remote Desktop Protocol Client Information Disclosure Vulnerability | S | |
| CVE-2022-26941 | Format string vulnerability in AT+CTGL command in Motorola MTM5000 | | |
| CVE-2022-26942 | Multiple missing pointer validation checks in trusted execution module in Motorola MTM5000 | | |
| CVE-2022-26943 | Weak PRNG entropy source used for authentication challenge generation in Motorola MTM5000 | | |
| CVE-2022-26944 | Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file outpu... | | |
| CVE-2022-26945 | go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration byp... | M | |
| CVE-2022-26947 | Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated ... | | |
| CVE-2022-26948 | The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure ... | | |
| CVE-2022-26949 | Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachm... | | |
| CVE-2022-26950 | Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivil... | M | |
| CVE-2022-26951 | Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthentic... | M | |
| CVE-2022-26952 | Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building... | E S | |
| CVE-2022-26953 | Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a st... | E | |
| CVE-2022-26954 | Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to ... | E S | |
| CVE-2022-26959 | There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club... | E | |
| CVE-2022-26960 | connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows un... | E S | |
| CVE-2022-26964 | Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows infor... | | |
| CVE-2022-26965 | In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinst... | E | |
| CVE-2022-26966 | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attacker... | S | |
| CVE-2022-26967 | GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.... | E S | |
| CVE-2022-26969 | In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.... | S | |
| CVE-2022-26971 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is ex... | | |
| CVE-2022-26972 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is ex... | | |
| CVE-2022-26973 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is ex... | | |
| CVE-2022-26974 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is ex... | | |
| CVE-2022-26975 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is ex... | | |
| CVE-2022-26976 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is ex... | | |
| CVE-2022-26977 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is ex... | | |
| CVE-2022-26978 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is ex... | | |
| CVE-2022-26979 | Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when th... | E | |
| CVE-2022-26980 | Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.... | E S | |
| CVE-2022-26981 | Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (cal... | E S | |
| CVE-2022-26982 | SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrar... | E | |
| CVE-2022-26986 | SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in uni... | E | |
| CVE-2022-26987 | TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers ha... | E | |
| CVE-2022-26988 | TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers ha... | E | |
| CVE-2022-26990 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered... | E | |
| CVE-2022-26991 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered... | E | |
| CVE-2022-26992 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered... | E | |
| CVE-2022-26993 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered... | E | |
| CVE-2022-26994 | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered... | E | |
| CVE-2022-26995 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pp... | E | |
| CVE-2022-26996 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe functi... | E | |
| CVE-2022-26997 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp functio... | E | |
| CVE-2022-26998 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting ... | E | |
| CVE-2022-26999 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip se... | E |