Total: 2610 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29614 | 1 Sap | 2 Host Agent, Netweaver Abap | 2026-06-17 | 4.6 MEDIUM | 5.0 MEDIUM |
| SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22 - on Unix systems, the s-bit helper program sapuxuserchk can be abused physically, resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | |||||
| CVE-2022-29587 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2026-06-17 | 4.7 MEDIUM | 4.0 MEDIUM |
| Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges. | |||||
| CVE-2022-29526 | 4 Fedoraproject, Golang, Linux and 1 more | 4 Fedora, Go, Linux Kernel and 1 more | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | |||||
| CVE-2022-29333 | 1 Cyberlink | 1 Powerdirector | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. | |||||
| CVE-2022-29218 | 1 Rubygems | 1 Rubygems.org | 2026-06-17 | 5.0 MEDIUM | 7.7 HIGH |
| RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and is believed to have never been exploited, based on an extensive review of logs and existing gems by rubygems. The easiest way to ensure that an application has not been exploited by this vulnerability is to verify all downloaded .gems checksums match the checksum recorded in the RubyGems.org database. RubyGems.org has been patched and is no longer vulnerable to this issue. | |||||
| CVE-2022-29179 | 1 Cilium | 1 Cilium | 2026-06-17 | 7.2 HIGH | 7.5 HIGH |
| Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium's Kubernetes service account. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. There are no known workarounds available. | |||||
| CVE-2022-28169 | 1 Broadcom | 1 Fabric Operating System | 2026-06-17 | N/A | 8.8 HIGH |
| Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin and operator authorization headers, sent unencrypted, and editing a user addition request to use the operator's authorization header. | |||||
| CVE-2022-27677 | 1 Amd | 1 Ryzen Master | 2026-06-17 | N/A | 7.8 HIGH |
| Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user. | |||||
| CVE-2022-27659 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-27487 | 1 Fortinet | 2 Fortideceptor, Fortisandbox | 2026-06-17 | N/A | 8.8 HIGH |
| An improper privilege management vulnerability in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. | |||||
| CVE-2022-26795 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-26251 | 1 Synametrics | 1 Synaman | 2026-06-17 | 9.0 HIGH | 7.2 HIGH |
| The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | |||||
| CVE-2022-26118 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2026-06-17 | N/A | 6.7 MEDIUM |
| A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. | |||||
| CVE-2022-26113 | 1 Fortinet | 1 Forticlient | 2026-06-17 | N/A | 7.7 HIGH |
| An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system. | |||||
| CVE-2022-26057 | 1 Abb | 1 Mint Workbench | 2026-06-17 | 7.2 HIGH | 6.7 MEDIUM |
| Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product | |||||
| CVE-2022-25782 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2026-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. | |||||
| CVE-2022-25636 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, H300e and 10 more | 2026-06-17 | 6.9 MEDIUM | 7.8 HIGH |
| net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | |||||
| CVE-2022-25631 | 1 Broadcom | 1 Symantec Endpoint Protection | 2026-06-17 | N/A | 7.8 HIGH |
| Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated | |||||
| CVE-2022-25372 | 2 Microsoft, Pritunl | 2 Windows, Pritunl-client-electron | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | |||||
| CVE-2022-25311 | 1 Siemens | 2 Sinec Network Management System, Sinema Server | 2026-06-17 | 6.5 MEDIUM | 7.3 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. | |||||
