Vulnerabilities (CVE)

Filtered by CWE-287
Total 4202 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-48575 1 Apple 1 Macos 2026-06-17 N/A 3.5 LOW
A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
CVE-2022-48496 1 Huawei 1 Emui 2026-06-17 N/A 7.5 HIGH
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48494 1 Huawei 1 Emui 2026-06-17 N/A 7.5 HIGH
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48364 1 Joinmastodon 1 Mastodon 2026-06-17 N/A 4.3 MEDIUM
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.
CVE-2022-48314 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 6.5 MEDIUM
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48305 1 Huawei 2 Simba-al00, Simba-al00 Firmware 2026-06-17 N/A 5.5 MEDIUM
There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail.
CVE-2022-48294 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48254 1 Huawei 2 Leia-b29, Leia-b29 Firmware 2026-06-17 N/A 4.6 MEDIUM
There is a data processing error vulnerability in Leia-B29 2.0.0.49(M03). Successful exploitation could bypass lock screen authentication.
CVE-2022-48195 1 Mellium 1 Sasl 2026-06-17 N/A 9.8 CRITICAL
An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.
CVE-2022-48066 1 Totolink 2 A830r, A830r Firmware 2026-06-17 N/A 9.8 CRITICAL
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.
CVE-2022-47976 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.
CVE-2022-47974 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 6.5 MEDIUM
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.
CVE-2022-47848 1 Bezeq 4 Vtech Iad604-il, Vtech Iad604-il Firmware, Vtech Nb403-il and 1 more 2026-06-17 N/A 7.5 HIGH
An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service.
CVE-2022-47633 1 Kyverno 1 Kyverno 2026-06-17 N/A 8.1 HIGH
An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases.
CVE-2022-47408 1 Fp Newsletter Project 1 Fp Newsletter 2026-06-17 N/A 9.1 CRITICAL
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.
CVE-2022-47209 1 Netgear 2 Rax30, Rax30 Firmware 2026-06-17 N/A 8.8 HIGH
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.
CVE-2022-46875 2 Apple, Mozilla 4 Macos, Firefox, Firefox Esr and 1 more 2026-06-17 N/A 6.5 MEDIUM
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.
CVE-2022-46829 1 Jetbrains 1 Jetbrains Gateway 2026-06-17 N/A 7.1 HIGH
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
CVE-2022-46773 1 Ibm 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak 2026-06-17 N/A 4.3 MEDIUM
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.
CVE-2022-46411 1 Veritas 2 Access Appliance, Netbackup Flex Scale Appliance 2026-06-17 N/A 8.8 HIGH
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.