ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-27000 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and tim... | E | |
CVE-2022-27001 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp functi... | E | |
CVE-2022-27002 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns functi... | E | |
CVE-2022-27003 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered t... | E | |
CVE-2022-27004 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered t... | E | |
CVE-2022-27005 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered t... | E | |
CVE-2022-27007 | nginx njs 0.7.2 suffers from a use-after-free in njs_function_frame_alloc() when it tries to... | E S | |
CVE-2022-27008 | nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confusion in Array.prototype.concat() when a s... | E S | |
CVE-2022-27016 | There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of ... | E | |
CVE-2022-27022 | There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tend... | E | |
CVE-2022-27041 | Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.... | E S | |
CVE-2022-27043 | Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directo... | E | |
CVE-2022-27044 | libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.... | E | |
CVE-2022-27046 | libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in libsixel/src/dither.c:388.... | E | |
CVE-2022-27047 | mogu_blog_cms 5.2 allows uploading arbitrary files without any limitation.... | | |
CVE-2022-27048 | A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-m... | | |
CVE-2022-27049 | Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpo... | E | |
CVE-2022-27050 | BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability wh... | E | |
CVE-2022-27052 | FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local... | E | |
CVE-2022-27055 | ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/clas... | E | |
CVE-2022-27061 | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image f... | E | |
CVE-2022-27062 | AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_p... | E | |
CVE-2022-27063 | AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_... | E | |
CVE-2022-27064 | Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs... | E | |
CVE-2022-27076 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
CVE-2022-27077 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
CVE-2022-27078 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
CVE-2022-27079 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
CVE-2022-27080 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
CVE-2022-27081 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
CVE-2022-27082 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
CVE-2022-27083 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the co... | E | |
CVE-2022-27088 | Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to la... | | |
CVE-2022-27089 | In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a... | | |
CVE-2022-27090 | Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl... | E | |
CVE-2022-27092 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-27094 | Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate pri... | E | |
CVE-2022-27095 | BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the... | E | |
CVE-2022-27103 | element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.... | E | |
CVE-2022-27104 | An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3... | | |
CVE-2022-27105 | InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection n... | | |
CVE-2022-27107 | OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the G... | E | |
CVE-2022-27108 | OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/we... | E | |
CVE-2022-27109 | OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.... | E | |
CVE-2022-27110 | OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint.... | E | |
CVE-2022-27111 | Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the adm... | E | |
CVE-2022-27114 | There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls mall... | E S | |
CVE-2022-27115 | In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through fil... | E S | |
CVE-2022-27123 | Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the... | E | |
CVE-2022-27124 | Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the user... | E | |
CVE-2022-27125 | zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neir... | | |
CVE-2022-27126 | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /includ... | | |
CVE-2022-27127 | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/aja... | | |
CVE-2022-27128 | An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrar... | | |
CVE-2022-27129 | An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute... | | |
CVE-2022-27131 | An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to ex... | | |
CVE-2022-27133 | zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.... | | |
CVE-2022-27134 | EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the s... | E | |
CVE-2022-27135 | xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can... | E | |
CVE-2022-27139 | An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers t... | E | |
CVE-2022-27140 | An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows ... | E | |
CVE-2022-27145 | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_is... | E | |
CVE-2022-27146 | GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_iso... | E | |
CVE-2022-27147 | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_no... | E | |
CVE-2022-27148 | GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.... | E | |
CVE-2022-27149 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-27152 | Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable... | | |
CVE-2022-27156 | Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.... | E S | |
CVE-2022-27157 | pearweb < 1.32 suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.p... | S | |
CVE-2022-27158 | pearweb < 1.32 suffers from Deserialization of Untrusted Data.... | S | |
CVE-2022-27161 | Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers... | E | |
CVE-2022-27162 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser... | E | |
CVE-2022-27163 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser... | E | |
CVE-2022-27164 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers... | E | |
CVE-2022-27165 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus... | E | |
CVE-2022-27166 | XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2 | | |
CVE-2022-27167 | Arbitrary File Deletion in ESET products for Windows | | |
CVE-2022-27168 | Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to i... | S | |
CVE-2022-27169 | An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of O... | E M | |
CVE-2022-27170 | Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an a... | S | |
CVE-2022-27172 | A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks... | E | |
CVE-2022-27173 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-27174 | Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allo... | | |
CVE-2022-27175 | Delta Electronics DIAEnergie SQL Injection in GetCalcTagList | S | |
CVE-2022-27176 | Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitiza... | | |
CVE-2022-27177 | A Python format string issue leading to information disclosure and potentially remote code execution... | | |
CVE-2022-27178 | A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mes... | E | |
CVE-2022-27179 | ICSA-22-104-03 Red Lion DA50N | M | |
CVE-2022-27180 | Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authentic... | | |
CVE-2022-27181 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versio... | | |
CVE-2022-27182 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versio... | | |
CVE-2022-27183 | Reflected XSS in a query parameter of the Monitoring Console | | |
CVE-2022-27184 | Horner Automation Cscape Csfont | S | |
CVE-2022-27185 | A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub... | E | |
CVE-2022-27187 | Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before vers... | S | |
CVE-2022-27188 | OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.0... | | |
CVE-2022-27189 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | | |
CVE-2022-27191 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attack... | | |
CVE-2022-27192 | The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows una... | | |
CVE-2022-27193 | CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusi... | | |
CVE-2022-27194 | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1... | S | |
CVE-2022-27195 | Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to build... | | |
CVE-2022-27196 | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, ... | | |
CVE-2022-27197 | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portle... | | |
CVE-2022-27198 | A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3... | | |
CVE-2022-27199 | A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier... | | |
CVE-2022-27200 | Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of role... | | |
CVE-2022-27201 | Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/age... | | |
CVE-2022-27202 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value an... | | |
CVE-2022-27203 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/C... | | |
CVE-2022-27204 | A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5... | | |
CVE-2022-27205 | A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie... | | |
CVE-2022-27206 | Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in... | | |
CVE-2022-27207 | Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart confi... | | |
CVE-2022-27208 | Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create p... | | |
CVE-2022-27209 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows a... | | |
CVE-2022-27210 | A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3... | | |
CVE-2022-27211 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows a... | | |
CVE-2022-27212 | Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List G... | | |
CVE-2022-27213 | Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and th... | | |
CVE-2022-27214 | A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier... | | |
CVE-2022-27215 | A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with ... | | |
CVE-2022-27216 | Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global... | | |
CVE-2022-27217 | Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config... | | |
CVE-2022-27218 | Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.x... | | |
CVE-2022-27219 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affec... | S | |
CVE-2022-27220 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affec... | S | |
CVE-2022-27221 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attack... | S | |
CVE-2022-27223 | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not... | S | |
CVE-2022-27224 | An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated at... | E | |
CVE-2022-27225 | Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses ... | | |
CVE-2022-27226 | A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to creat... | E | |
CVE-2022-27227 | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerD... | S | |
CVE-2022-27228 | In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthentic... | E | |
CVE-2022-27229 | Path traversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool so... | S | |
CVE-2022-27230 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-I... | | |
CVE-2022-27231 | Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it impro... | | |
CVE-2022-27233 | XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Stan... | S | |
CVE-2022-27234 | Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may all... | | |
CVE-2022-27235 | WordPress Social Share Buttons by Supsystic plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilities | S | |
CVE-2022-27237 | There is a cross-site scripting (XSS) vulnerability in an NI Web Server component installed with sev... | S | |
CVE-2022-27238 | BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the p... | | |
CVE-2022-27239 | In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-li... | S | |
CVE-2022-27240 | scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a we... | S | |
CVE-2022-27241 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31),... | S | |
CVE-2022-27242 | A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing ... | S | |
CVE-2022-27243 | An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion... | S | |
CVE-2022-27244 | An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS pa... | S | |
CVE-2022-27245 | An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServe... | S | |
CVE-2022-27246 | An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is no... | S | |
CVE-2022-27247 | onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive in... | E | |
CVE-2022-27248 | A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated ... | | |
CVE-2022-27249 | An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenti... | E | |
CVE-2022-27250 | The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e... | | |
CVE-2022-27254 | The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open r... | E | |
CVE-2022-27255 | In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a sta... | | |
CVE-2022-27256 | A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allow... | E S | |
CVE-2022-27257 | A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.... | S | |
CVE-2022-27258 | Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 and earlier allows remote atta... | | |
CVE-2022-27260 | An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attac... | E | |
CVE-2022-27261 | An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multip... | E | |
CVE-2022-27262 | An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers ... | E | |
CVE-2022-27263 | An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers t... | E | |
CVE-2022-27268 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a r... | E | |
CVE-2022-27269 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a r... | E | |
CVE-2022-27270 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a r... | E | |
CVE-2022-27271 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a r... | E | |
CVE-2022-27272 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a r... | E | |
CVE-2022-27273 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a r... | E | |
CVE-2022-27274 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a r... | E | |
CVE-2022-27275 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a r... | E | |
CVE-2022-27276 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a r... | E | |
CVE-2022-27277 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an ... | E | |
CVE-2022-27279 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an ... | E | |
CVE-2022-27280 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a s... | | |
CVE-2022-27286 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogi... | E | |
CVE-2022-27287 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. ... | E | |
CVE-2022-27288 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. T... | E | |
CVE-2022-27289 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. T... | E | |
CVE-2022-27290 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplu... | E | |
CVE-2022-27291 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup... | E | |
CVE-2022-27292 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChang... | | |
CVE-2022-27293 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. Th... | E | |
CVE-2022-27294 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSet... | E | |
CVE-2022-27295 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup.... | E | |
CVE-2022-27299 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the comp... | E | |
CVE-2022-27304 | Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user par... | E | |
CVE-2022-27305 | Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the applicat... | S | |
CVE-2022-27306 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-27308 | A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers... | E | |
CVE-2022-27311 | Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a craft... | S | |
CVE-2022-27313 | An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Serv... | S | |
CVE-2022-27330 | A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Webs... | E | |
CVE-2022-27331 | An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all user... | S | |
CVE-2022-27332 | An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log wit... | S | |
CVE-2022-27333 | idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the ins... | E | |
CVE-2022-27336 | Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component... | E | |
CVE-2022-27337 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of... | E | |
CVE-2022-27340 | MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnera... | E | |
CVE-2022-27341 | JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management fu... | E | |
CVE-2022-27342 | Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResul... | E | |
CVE-2022-27346 | Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/... | E | |
CVE-2022-27348 | Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via ... | E | |
CVE-2022-27349 | Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.... | E | |
CVE-2022-27351 | Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /pub... | E | |
CVE-2022-27352 | Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /... | E | |
CVE-2022-27357 | Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_... | E | |
CVE-2022-27359 | Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a this.maildoc NULL pointer derefe... | E | |
CVE-2022-27360 | SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the compone... | E | |
CVE-2022-27365 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the compo... | E | |
CVE-2022-27366 | Cscms Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the... | E | |
CVE-2022-27367 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the compo... | E | |
CVE-2022-27368 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the compo... | E | |
CVE-2022-27369 | Cscms Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the compo... | E | |
CVE-2022-27373 | Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a... | E | |
CVE-2022-27374 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the fun... | E | |
CVE-2022-27375 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the fun... | E | |
CVE-2022-27376 | MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_a... | E | |
CVE-2022-27377 | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_f... | E | |
CVE-2022-27378 | An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovere... | E | |
CVE-2022-27379 | An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was... | E | |
CVE-2022-27380 | An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered t... | E | |
CVE-2022-27381 | An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to all... | E | |
CVE-2022-27382 | MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item... | E | |
CVE-2022-27383 | MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strca... | E | |
CVE-2022-27384 | An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below ... | E | |
CVE-2022-27385 | An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB S... | E | |
CVE-2022-27386 | MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/... | E | |
CVE-2022-27387 | MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component d... | E | |
CVE-2022-27404 | FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer ove... | E S | |
CVE-2022-27405 | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation vi... | | |
CVE-2022-27406 | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation vi... | E | |
CVE-2022-27411 | TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-27412 | Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request... | E | |
CVE-2022-27413 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the admi... | E | |
CVE-2022-27416 | Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.... | E S | |
CVE-2022-27418 | Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.... | E S | |
CVE-2022-27419 | rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /... | E S | |
CVE-2022-27420 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the pati... | E | |
CVE-2022-27421 | Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate ... | S | |
CVE-2022-27422 | A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to exe... | S | |
CVE-2022-27423 | Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id paramet... | S | |
CVE-2022-27425 | Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the co... | S | |
CVE-2022-27426 | A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the inter... | S | |
CVE-2022-27427 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38745. Reason: This candidat... | R | |
CVE-2022-27428 | A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows ... | E | |
CVE-2022-27429 | Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /ad... | E | |
CVE-2022-27431 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at... | E | |
CVE-2022-27432 | A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of ... | | |
CVE-2022-27434 | UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerabil... | E | |
CVE-2022-27435 | An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allow... | E | |
CVE-2022-27436 | A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website ... | E | |
CVE-2022-27438 | Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced... | E S | |
CVE-2022-27441 | A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows attackers to execute arbitrar... | E | |
CVE-2022-27442 | TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information su... | E | |
CVE-2022-27444 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/... | E | |
CVE-2022-27445 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/... | E | |
CVE-2022-27446 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/... | E | |
CVE-2022-27447 | MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_s... | E | |
CVE-2022-27448 | There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR... | E S | |
CVE-2022-27449 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/... | E S | |
CVE-2022-27451 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/... | E S | |
CVE-2022-27452 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/... | E | |
CVE-2022-27455 | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wil... | E S | |
CVE-2022-27456 | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::... | E | |
CVE-2022-27457 | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_... | E S | |
CVE-2022-27458 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27447. Reason: This candidat... | R | |
CVE-2022-27461 | In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authentic... | E | |
CVE-2022-27462 | Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVi... | S | |
CVE-2022-27463 | Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers ... | S | |
CVE-2022-27466 | MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /di... | E | |
CVE-2022-27468 | Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execu... | E | |
CVE-2022-27469 | Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).... | E | |
CVE-2022-27470 | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_R... | E S | |
CVE-2022-27472 | SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attacker... | E | |
CVE-2022-27473 | SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attacke... | E | |
CVE-2022-27474 | SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into ... | E | |
CVE-2022-27475 | Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute... | S | |
CVE-2022-27476 | A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attac... | E | |
CVE-2022-27477 | Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /ad... | E | |
CVE-2022-27478 | Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component ... | E | |
CVE-2022-27479 | SQL injection vulnerability in chart data API | | |
CVE-2022-27480 | A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-80... | S | |
CVE-2022-27481 | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-... | S | |
CVE-2022-27482 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2022-27483 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2022-27484 | An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x a... | | |
CVE-2022-27485 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability... | S | |
CVE-2022-27486 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2022-27487 | An improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through ... | S | |
CVE-2022-27488 | A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwit... | S | |
CVE-2022-27489 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
CVE-2022-27490 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 ... | S | |
CVE-2022-27491 | An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine ver... | | |
CVE-2022-27492 | An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted vi... | | |
CVE-2022-27493 | Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may ... | S | |
CVE-2022-27494 | CROSS-SITE SCRIPTING CWE-79 | | |
CVE-2022-27495 | On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the... | | |
CVE-2022-27496 | Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attac... | | |
CVE-2022-27497 | Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12... | | |
CVE-2022-27498 | A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment f... | | |
CVE-2022-27499 | Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a ... | S | |
CVE-2022-27500 | Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow... | | |
CVE-2022-27502 | RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an inst... | | |
CVE-2022-27503 | Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and ve... | S | |
CVE-2022-27505 | Reflected cross site scripting (XSS)... | | |
CVE-2022-27506 | Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI... | | |
CVE-2022-27507 | Authenticated denial of service | M | |
CVE-2022-27508 | Unauthenticated denial of service | M | |
CVE-2022-27509 | Unauthenticated redirection to a malicious website | | |
CVE-2022-27510 | Unauthorized access to Gateway user capabilities | | |
CVE-2022-27511 | Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password | | |
CVE-2022-27512 | Temporary disruption of the ADM license service | | |
CVE-2022-27513 | Remote desktop takeover via phishing | | |
CVE-2022-27516 | User login brute force protection functionality bypass | | |
CVE-2022-27518 | Unauthenticated remote arbitrary code execution | KEV | |
CVE-2022-27523 | A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive i... | | |
CVE-2022-27524 | An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitiv... | | |
CVE-2022-27525 | A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead ... | | |
CVE-2022-27526 | A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory... | | |
CVE-2022-27527 | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. ... | | |
CVE-2022-27528 | A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-afte... | | |
CVE-2022-27529 | A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be u... | | |
CVE-2022-27530 | A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to wri... | | |
CVE-2022-27531 | A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max... | | |
CVE-2022-27532 | A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the all... | | |
CVE-2022-27534 | Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases rele... | | |
CVE-2022-27535 | Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file dele... | | |
CVE-2022-27536 | Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when pr... | | |
CVE-2022-27537 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which m... | | |
CVE-2022-27538 | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for ... | S | |
CVE-2022-27539 | Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS ... | | |
CVE-2022-27540 | A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS f... | | |
CVE-2022-27541 | Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS ... | | |
CVE-2022-27544 | HCL BigFix Web Reports authorized users may see sensitive information in clear text | | |
CVE-2022-27545 | HCL BigFix Web Reports authorized users may perform HTML injection. | | |
CVE-2022-27546 | HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability | | |
CVE-2022-27547 | HCL iNotes is susceptible to a link to non-existent domain vulnerability. | | |
CVE-2022-27548 | HCL Launch is vulnerable to information disclosure which can be read by a local user. | | |
CVE-2022-27549 | HCL Launch could disclose sensitive database information to a local user in plain text. | | |
CVE-2022-27551 | HCL Launch could allow an authenticated user to obtain sensitive information (CVE-2022-27551) | | |
CVE-2022-27558 | HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. | | |
CVE-2022-27560 | An insufficiently protected credential vulnerability affects HCL VersionVault Express | | |
CVE-2022-27561 | HCL Traveler is susceptible to a Reflected Cross-Site Scripting vulnerability in the web admin (LotusTraveler.nsf) | S | |
CVE-2022-27562 | HCL Domino Volt is affected by an unrestricted upload of a dangerous file type | | |
CVE-2022-27563 | Overload/denial of service affects HCL VersionVault Express | | |
CVE-2022-27567 | Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-... | | |
CVE-2022-27568 | Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Ap... | | |
CVE-2022-27569 | Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Ap... | | |
CVE-2022-27570 | Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to... | | |
CVE-2022-27571 | Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior... | | |
CVE-2022-27572 | Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Ap... | | |
CVE-2022-27573 | Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsi... | | |
CVE-2022-27574 | Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsi... | | |
CVE-2022-27575 | Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access... | | |
CVE-2022-27576 | Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to a... | | |
CVE-2022-27577 | The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TC... | | |
CVE-2022-27578 | An attacker can perform a privilege escalation through the SICK OEE if the application is installed ... | | |
CVE-2022-27579 | A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Sof... | M | |
CVE-2022-27580 | A deserialization vulnerability in a .NET framework class used and not properly checked by Safety De... | M | |
CVE-2022-27581 | Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version | | |
CVE-2022-27582 | Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remo... | | |
CVE-2022-27583 | A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3... | | |
CVE-2022-27584 | Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote a... | | |
CVE-2022-27585 | Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware vers... | S | |
CVE-2022-27586 | Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allo... | | |
CVE-2022-27588 | Vulnerability in QVR | S | |
CVE-2022-27592 | QVR Smart Client | S | |
CVE-2022-27593 | DeadBolt Ransomware | KEV S | |
CVE-2022-27595 | QVPN Device Client | S | |
CVE-2022-27596 | Vulnerability in QTS | S | |
CVE-2022-27597 | QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) | S | |
CVE-2022-27598 | QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) | S | |
CVE-2022-27599 | QVR Pro Client | S | |
CVE-2022-27600 | QTS, QuTS hero, QuTScloud | S | |
CVE-2022-27607 | Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than... | E | |
CVE-2022-27608 | Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to regis... | S | |
CVE-2022-27609 | Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide suffi... | S | |
CVE-2022-27610 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in weba... | | |
CVE-2022-27611 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in weba... | | |
CVE-2022-27612 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi componen... | | |
CVE-2022-27613 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
CVE-2022-27614 | Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology M... | | |
CVE-2022-27615 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi ... | | |
CVE-2022-27616 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabi... | | |
CVE-2022-27617 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in weba... | | |
CVE-2022-27618 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in weba... | | |
CVE-2022-27619 | Cleartext transmission of sensitive information vulnerability in authentication management in Synolo... | | |
CVE-2022-27620 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in weba... | | |
CVE-2022-27621 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in weba... | | |
CVE-2022-27622 | Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskSta... | | |
CVE-2022-27623 | Missing authentication for critical function vulnerability in iSCSI management functionality in Syno... | | |
CVE-2022-27624 | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is... | | |
CVE-2022-27625 | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is... | | |
CVE-2022-27626 | A vulnerability regarding concurrent execution using shared resource with improper synchronization (... | | |
CVE-2022-27627 | Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 al... | | |
CVE-2022-27628 | WordPress WZone – Lite Version Plugin <= 3.1 Lite is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-27629 | Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Conte... | S | |
CVE-2022-27630 | An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL L... | E | |
CVE-2022-27631 | A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 3227... | E | |
CVE-2022-27632 | Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] al... | S | |
CVE-2022-27633 | An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL Li... | E | |
CVE-2022-27634 | On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not prop... | M | |
CVE-2022-27635 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allo... | S | |
CVE-2022-27636 | On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versio... | | |
CVE-2022-27637 | Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote att... | S | |
CVE-2022-27638 | Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and ... | S | |
CVE-2022-27639 | Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 ... | | |
CVE-2022-27640 | A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443... | S | |
CVE-2022-27641 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2022-27642 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2022-27643 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2022-27644 | This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded infor... | | |
CVE-2022-27645 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2022-27646 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2022-27647 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2022-27648 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of KO... | | |
CVE-2022-27649 | A flaw was found in Podman, where containers were started incorrectly with non-empty default permiss... | S | |
CVE-2022-27650 | A flaw was found in crun where containers were incorrectly started with non-empty default permission... | S | |
CVE-2022-27651 | A flaw was found in buildah where containers were incorrectly started with non-empty default permiss... | S | |
CVE-2022-27652 | A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissi... | M | |
CVE-2022-27653 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected applic... | M | |
CVE-2022-27654 | When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in... | | |
CVE-2022-27655 | When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SA... | | |
CVE-2022-27656 | The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does no... | | |
CVE-2022-27657 | A highly privileged remote attacker, can gain unauthorized access to display contents of restricted ... | | |
CVE-2022-27658 | Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access info... | | |
CVE-2022-27659 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versio... | | |
CVE-2022-27660 | A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub ... | E | |
CVE-2022-27661 | Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remo... | | |
CVE-2022-27662 | On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-S... | | |
CVE-2022-27664 | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service be... | | |
CVE-2022-27665 | Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8... | E | |
CVE-2022-27666 | A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ip... | S | |
CVE-2022-27667 | Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Cons... | | |
CVE-2022-27668 | Depending on the configuration of the route permission table in file 'saprouttab', it is possible fo... | E | |
CVE-2022-27669 | An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application... | | |
CVE-2022-27670 | SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from a... | | |
CVE-2022-27671 | A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.... | | |
CVE-2022-27672 | When SMT is enabled, certain AMD processors may speculatively execute instructions using a target f... | M | |
CVE-2022-27673 | Insufficient access controls in the AMD Link Android app may potentially result in information discl... | | |
CVE-2022-27674 | Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypas... | | |
CVE-2022-27675 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-27676 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-27677 | Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with ... | | |
CVE-2022-27772 | spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijackin... | E S | |
CVE-2022-27773 | A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that all... | | |
CVE-2022-27774 | An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 ... | E | |
CVE-2022-27775 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using... | E | |
CVE-2022-27776 | An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authenticati... | E | |
CVE-2022-27777 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to... | E S | |
CVE-2022-27778 | A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `-... | E S | |
CVE-2022-27779 | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided wi... | E | |
CVE-2022-27780 | The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host na... | E | |
CVE-2022-27781 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returne... | E | |
CVE-2022-27782 | libcurl would reuse a previously created connection even when a TLS or SSH related option had been ch... | E | |
CVE-2022-27783 | Adobe After Effects Stack Buffer Overflow Could Lead To RCE | | |
CVE-2022-27784 | Adobe After Effects Stack Buffer Overflow Could Lead To RCE | | |
CVE-2022-27785 | Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27786 | Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27787 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-27788 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-27789 | Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27790 | Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27791 | Adobe Acrobat Reader DC Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-27792 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-27793 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-27794 | Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability | | |
CVE-2022-27795 | Adobe Acrobat Reader DC AcroForm isDefaultChecked Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27796 | Adobe Acrobat Reader DC AcroForm isBoxChecked Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27797 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27798 | Adobe Acrobat Reader DC zoomType Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2022-27799 | Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27800 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27801 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27802 | Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-27803 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote aut... | | |
CVE-2022-27804 | An os command injection vulnerability exists in the web interface util_set_abode_code functionality ... | E | |
CVE-2022-27805 | An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, I... | | |
CVE-2022-27806 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM... | | |
CVE-2022-27807 | Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote auth... | | |
CVE-2022-27808 | Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drive... | | |
CVE-2022-27810 | It was possible to trigger an infinite recursion condition in the error handler when Hermes executed... | | |
CVE-2022-27811 | GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image ... | E S | |
CVE-2022-27812 | Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3... | | |
CVE-2022-27813 | Unconfigured memory protection modules in Motorola MTM5000 | | |
CVE-2022-27814 | SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.... | E | |
CVE-2022-27815 | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of... | E S | |
CVE-2022-27816 | SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service... | E S | |
CVE-2022-27817 | SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an inform... | E | |
CVE-2022-27818 | SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial o... | S | |
CVE-2022-27819 | SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a ... | S | |
CVE-2022-27820 | OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTT... | | |
CVE-2022-27821 | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to ca... | | |
CVE-2022-27822 | Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows ... | | |
CVE-2022-27823 | Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SM... | | |
CVE-2022-27824 | Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior t... | | |
CVE-2022-27825 | Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Ap... | | |
CVE-2022-27826 | Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows att... | | |
CVE-2022-27827 | Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows at... | | |
CVE-2022-27828 | Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attack... | | |
CVE-2022-27829 | Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows... | | |
CVE-2022-27830 | Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to... | | |
CVE-2022-27831 | Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allo... | | |
CVE-2022-27832 | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers ... | | |
CVE-2022-27833 | Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write b... | | |
CVE-2022-27834 | Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-202... | | |
CVE-2022-27835 | Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory writ... | | |
CVE-2022-27836 | Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Serv... | | |
CVE-2022-27837 | A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) an... | | |
CVE-2022-27838 | Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to ac... | | |
CVE-2022-27839 | Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allo... | | |
CVE-2022-27840 | Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attc... | | |
CVE-2022-27841 | Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to vi... | | |
CVE-2022-27842 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execu... | | |
CVE-2022-27843 | DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitra... | | |
CVE-2022-27844 | WordPress WPvivid plugin <= 0.9.70 - Arbitrary File Read vulnerability | S | |
CVE-2022-27845 | WordPress Plausible Analytics plugin <= 1.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-27846 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Slider Creation / Modification | S | |
CVE-2022-27847 | WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import | S | |
CVE-2022-27848 | WordPress Modern Events Calendar Lite plugin <= 6.5.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-27849 | WordPress Simple Ajax Chat plugin <= 20220115 - Sensitive Information Disclosure vulnerability | S | |
CVE-2022-27850 | WordPress Simple Ajax Chat plugin <= 20220115 - Multiple Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-27851 | WordPress Use Any Font plugin <= 6.1.7 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-27852 | WordPress KB Support plugin <= 1.5.5 - Multiple Unauth. Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2022-27853 | WordPress Contest Gallery plugin <= 13.1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-27854 | WordPress Psychological tests & quizzes plugin <= 0.21.19 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-27855 | WordPress Analytics Cat plugin <= 1.0.9 - Plugin Settings change via Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-27856 | WordPress Export All URLs Plugin <= 4.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-27858 | WordPress Activity Log plugin <= 2.8.3 - CSV Injection vulnerability | S | |
CVE-2022-27859 | WordPress Travel Management plugin <= 2.0 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | E | |
CVE-2022-27860 | WordPress Footer Text plugin <= 2.0.3 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-27861 | WordPress Ninja Popups Plugin <= 4.7.5 is vulnerable to Open Redirection | | |
CVE-2022-27862 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE | S | |
CVE-2022-27863 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability | S | |
CVE-2022-27864 | A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.e... | S | |
CVE-2022-27865 | A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through Desig... | S | |
CVE-2022-27866 | A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to ... | | |
CVE-2022-27867 | A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-... | | |
CVE-2022-27868 | A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulner... | | |
CVE-2022-27869 | A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allo... | | |
CVE-2022-27870 | A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated bu... | | |
CVE-2022-27871 | Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to ... | | |
CVE-2022-27872 | A maliciously crafted PDF file may be used to dereference a pointer for read or write operation whil... | | |
CVE-2022-27873 | An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malici... | | |
CVE-2022-27874 | Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.214... | | |
CVE-2022-27875 | On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F... | | |
CVE-2022-27876 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-27877 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-27878 | On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Gu... | | |
CVE-2022-27879 | Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privilege... | | |
CVE-2022-27880 | On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-S... | | |
CVE-2022-27881 | engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an ... | E S | |
CVE-2022-27882 | slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-b... | E S | |
CVE-2022-27883 | A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to crea... | | |
CVE-2022-27884 | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.... | E | |
CVE-2022-27885 | Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities i... | E | |
CVE-2022-27886 | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.... | E | |
CVE-2022-27887 | Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.... | E | |
CVE-2022-27888 | The Foundry Issues service was found to be logging in a manner that captured session tokens. | M | |
CVE-2022-27889 | The Foundry Multipass service contains code paths that could be abused to cause a denial of service for authentication and authorization operations. | | |
CVE-2022-27890 | It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misu... | | |
CVE-2022-27891 | Palantir Gotham included an unauthenticated endpoint that listed all active usernames in the platform with an active session. | | |
CVE-2022-27892 | Palantir Gotham included an endpoint that would log arbitrary sized payloads. | | |
CVE-2022-27893 | The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests. | | |
CVE-2022-27894 | The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability. | | |
CVE-2022-27895 | A component in Foundry logging was found to be capturing sensitive information in logs. | | |
CVE-2022-27896 | The Foundry Code-Workbooks service was found to contain an issue leading to information disclosure. | | |
CVE-2022-27897 | Palantir Gotham included an endpoint that would log arbitrary sized zip files. | | |
CVE-2022-27902 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-1215. Reason: This issue was... | R | |
CVE-2022-27903 | An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0... | | |
CVE-2022-27904 | Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) rac... | | |
CVE-2022-27905 | In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An att... | S | |
CVE-2022-27906 | Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code pat... | | |
CVE-2022-27907 | Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.... | | |
CVE-2022-27908 | Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Inj... | S | |
CVE-2022-27909 | Extension - Incorrect Access Control within jdownloads extension | | |
CVE-2022-27910 | Extension - Joomlatools - DOCman - Reflected Cross-Site Scripting (XSS) in an image upload function | | |
CVE-2022-27911 | [20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check' | | |
CVE-2022-27912 | [20221001] - Core - Debug Mode leaks full request payloads including passwords | | |
CVE-2022-27913 | [20221002] - Core - RXSS through reflection of user input in headings | | |
CVE-2022-27914 | [20221101] - Core - RXSS through reflection of user input in com_media | | |
CVE-2022-27915 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-27916 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-27917 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-27918 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-27919 | Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not spe... | M | |
CVE-2022-27920 | libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggest... | S | |
CVE-2022-27924 | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary... | KEV | |
CVE-2022-27925 | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archi... | KEV E | |
CVE-2022-27926 | A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of... | KEV | |
CVE-2022-27927 | A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used ... | E | |
CVE-2022-27928 | Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session ... | | |
CVE-2022-27929 | Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.... | | |
CVE-2022-27930 | Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-... | | |
CVE-2022-27931 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initi... | | |
CVE-2022-27932 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.... | | |
CVE-2022-27933 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.... | | |
CVE-2022-27934 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.... | | |
CVE-2022-27935 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.... | | |
CVE-2022-27936 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.... | | |
CVE-2022-27937 | Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.2... | | |
CVE-2022-27938 | stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable... | E S | |
CVE-2022-27939 | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.... | E | |
CVE-2022-27940 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.... | E | |
CVE-2022-27941 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.... | E | |
CVE-2022-27942 | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.... | E | |
CVE-2022-27943 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrate... | E | |
CVE-2022-27944 | Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dere... | E | |
CVE-2022-27945 | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such... | E S | |
CVE-2022-27946 | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such... | E S | |
CVE-2022-27947 | NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such... | E S | |
CVE-2022-27948 | Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF... | E | |
CVE-2022-27949 | Apache Airflow prior to 2.3.1 may include sensitive values in rendered template | S | |
CVE-2022-27950 | In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_... | S | |
CVE-2022-27952 | An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attack... | E | |
CVE-2022-27958 | Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.... | E | |
CVE-2022-27960 | Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 a... | E | |
CVE-2022-27961 | A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers t... | E | |
CVE-2022-27962 | Bluecms 1.6 has a SQL injection vulnerability at cookie.... | E | |
CVE-2022-27963 | Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute ar... | E | |
CVE-2022-27964 | Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execut... | E | |
CVE-2022-27965 | Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute ar... | E | |
CVE-2022-27966 | Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute ... | E | |
CVE-2022-27967 | Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded file... | E | |
CVE-2022-27968 | Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored fil... | E | |
CVE-2022-27969 | Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users v... | E | |
CVE-2022-27978 | Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily r... | E | |
CVE-2022-27979 | A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary w... | E | |
CVE-2022-27982 | RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vu... | | |
CVE-2022-27983 | RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerabi... | | |
CVE-2022-27984 | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter ... | E | |
CVE-2022-27985 | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/aler... | E | |
CVE-2022-27991 | Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at ... | E | |
CVE-2022-27992 | Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/a... | E | |