Vulnerabilities (CVE)

Filtered by CWE-20
Total 11613 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-47502 1 Apache 1 Openoffice 2026-06-17 N/A 7.8 HIGH
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.
CVE-2022-47392 1 Codesys 17 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 14 more 2026-06-17 N/A 6.5 MEDIUM
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.
CVE-2022-47391 1 Codesys 17 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 14 more 2026-06-17 N/A 7.5 HIGH
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.
CVE-2022-47378 1 Codesys 17 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 14 more 2026-06-17 N/A 6.5 MEDIUM
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.
CVE-2022-47353 2 Google, Unisoc 7 Android, S8000, T610 and 4 more 2026-06-17 N/A 4.4 MEDIUM
In vdsp device, there is a possible system crash due to improper input validation.This could lead to local denial of service with System execution privileges needed
CVE-2022-47185 1 Apache 1 Traffic Server 2026-06-17 N/A 7.5 HIGH
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
CVE-2022-47100 1 Sengled 2 Es21-n1eaw, Es21-n1eaw Firmware 2026-06-17 N/A 7.5 HIGH
A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame.
CVE-2022-46768 1 Zabbix 2 Web Service Report Generation, Zabbix-agent2 2026-06-17 N/A 5.9 MEDIUM
Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.
CVE-2022-46701 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2026-06-17 N/A 7.8 HIGH
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2. Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges.
CVE-2022-46401 1 Microchip 24 Bm64, Bm64 Firmware, Bm70 and 21 more 2026-06-17 N/A 5.4 MEDIUM
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
CVE-2022-46372 1 Alotceriot 2 Ar7088h-a, Ar7088h-a Firmware 2026-06-17 N/A 7.2 HIGH
Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution.
CVE-2022-46363 1 Apache 1 Cxf 2026-06-17 N/A 7.5 HIGH
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
CVE-2022-46328 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-45875 1 Apache 1 Dolphinscheduler 2026-06-17 N/A 9.8 CRITICAL
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users which can login to DS.
CVE-2022-45872 1 Iterm2 1 Iterm2 2026-06-17 N/A 9.8 CRITICAL
iTerm2 before 3.4.18 mishandles a DECRQSS response.
CVE-2022-45871 1 F-secure 1 Atlant 2026-06-17 N/A 4.3 MEDIUM
A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing ICAP request. The exploit can be triggered remotely by an attacker.
CVE-2022-45770 1 Adguard 1 Adguard 2026-06-17 N/A 7.8 HIGH
Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation.
CVE-2022-45470 1 Apache 1 Hama 2026-06-17 N/A 7.5 HIGH
missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
CVE-2022-45469 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2026-06-17 N/A 2.2 LOW
Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-45113 1 Sixapart 1 Movable Type 2026-06-17 N/A 6.5 MEDIUM
Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier.