Vulnerabilities (CVE)

Filtered by CWE-20
Total 11665 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27827 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27826 1 Google 1 Android 2026-06-17 7.2 HIGH 8.5 HIGH
Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-27807 1 Cybozu 1 Garoon 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
CVE-2022-27803 1 Cybozu 1 Garoon 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
CVE-2022-27674 4 Amd, Freebsd, Linux and 1 more 4 Amd Uprof, Freebsd, Linux Kernel and 1 more 2026-06-17 N/A 7.5 HIGH
Insufficient validation in the IOCTL input/output buffer in AMD µProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.
CVE-2022-27655 1 Sap 1 3d Visual Enterprise Viewer 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-27654 1 Sap 1 3d Visual Enterprise Viewer 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-27634 1 F5 1 Big-ip Access Policy Manager 2026-06-17 6.5 MEDIUM 6.5 MEDIUM
On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-27421 1 Chamilo 1 Chamilo Lms 2026-06-17 6.5 MEDIUM 7.2 HIGH
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.
CVE-2022-27255 1 Realtek 4 Ecos Msdk, Ecos Msdk Firmware, Ecos Rsdk and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
CVE-2022-27228 1 Bitrix24 1 Bitrix24 2026-06-17 10.0 HIGH 9.8 CRITICAL
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.
CVE-2022-26864 1 Dell 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more 2026-06-17 7.2 HIGH 6.3 MEDIUM
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
CVE-2022-26863 1 Dell 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more 2026-06-17 7.2 HIGH 6.3 MEDIUM
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
CVE-2022-26862 1 Dell 68 Alienware M15 R5, Alienware M15 R5 Firmware, G15 5515 and 65 more 2026-06-17 7.2 HIGH 6.3 MEDIUM
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
CVE-2022-26837 1 Intel 454 Core I3-11100he, Core I3-11100he Firmware, Core I3-1110g4 and 451 more 2026-06-17 N/A 7.5 HIGH
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-26780 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2026-06-17 6.5 MEDIUM 8.8 HIGH
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.
CVE-2022-26707 1 Apple 1 Macos 2026-06-17 N/A 5.5 MEDIUM
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information.
CVE-2022-26655 1 Pexip 1 Pexip Infinity 2026-06-17 5.0 MEDIUM 7.5 HIGH
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
CVE-2022-26582 1 Paxtechnology 2 A930, Paydroid 2026-06-17 N/A 7.8 HIGH
PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the device in order to exploit this vulnerability.
CVE-2022-26531 1 Zyxel 130 Atp100, Atp100 Firmware, Atp100w and 127 more 2026-06-17 4.6 MEDIUM 6.1 MEDIUM
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.