Vulnerabilities (CVE)

Filtered by CWE-20
Total 11630 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27897 1 Palantir 1 Gotham 2026-06-17 N/A 5.3 MEDIUM
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zip file, which would allow them to exhaust memory resources on the dispatch server.
CVE-2022-27892 1 Palantir 1 Gotham 2026-06-17 N/A 5.3 MEDIUM
Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service.
CVE-2022-27830 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27829 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27828 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27827 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27826 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27807 1 Cybozu 1 Garoon 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
CVE-2022-27803 1 Cybozu 1 Garoon 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
CVE-2022-27674 4 Amd, Freebsd, Linux and 1 more 4 Amd Uprof, Freebsd, Linux Kernel and 1 more 2026-06-17 N/A 7.5 HIGH
Insufficient validation in the IOCTL input/output buffer in AMD µProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
CVE-2022-27655 1 Sap 1 3d Visual Enterprise Viewer 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-27654 1 Sap 1 3d Visual Enterprise Viewer 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-27634 1 F5 1 Big-ip Access Policy Manager 2026-06-17 6.5 MEDIUM 6.5 MEDIUM
On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-27421 1 Chamilo 1 Chamilo Lms 2026-06-17 6.5 MEDIUM 7.2 HIGH
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.
CVE-2022-27255 1 Realtek 4 Ecos Msdk, Ecos Msdk Firmware, Ecos Rsdk and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
CVE-2022-27228 1 Bitrix24 1 Bitrix24 2026-06-17 10.0 HIGH 9.8 CRITICAL
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.
CVE-2022-26864 1 Dell 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more 2026-06-17 7.2 HIGH 6.3 MEDIUM
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
CVE-2022-26863 1 Dell 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more 2026-06-17 7.2 HIGH 6.3 MEDIUM
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
CVE-2022-26862 1 Dell 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more 2026-06-17 7.2 HIGH 6.3 MEDIUM
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
CVE-2022-26837 1 Intel 454 Core I3-11100he, Core I3-11100he Firmware, Core I3-1110g4 and 451 more 2026-06-17 N/A 7.5 HIGH
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.