Vulnerabilities (CVE)

Filtered by CWE-287
Total 4205 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4126 4 Abb, Apple, Linux and 1 more 4 Rccmd, Macos, Linux Kernel and 1 more 2026-06-17 N/A 9.6 CRITICAL
Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.
CVE-2022-4002 1 Motorola 2 Q14, Q14 Firmware 2026-06-17 N/A 7.2 HIGH
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
CVE-2022-4001 2026-06-17 N/A 7.3 HIGH
An authentication bypass vulnerability could allow an attacker to access API functions without authentication.
CVE-2022-48575 1 Apple 1 Macos 2026-06-17 N/A 3.5 LOW
A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
CVE-2022-48496 1 Huawei 1 Emui 2026-06-17 N/A 7.5 HIGH
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48494 1 Huawei 1 Emui 2026-06-17 N/A 7.5 HIGH
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48364 1 Joinmastodon 1 Mastodon 2026-06-17 N/A 4.3 MEDIUM
The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.
CVE-2022-48314 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 6.5 MEDIUM
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48305 1 Huawei 2 Simba-al00, Simba-al00 Firmware 2026-06-17 N/A 5.5 MEDIUM
There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail.
CVE-2022-48294 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48254 1 Huawei 2 Leia-b29, Leia-b29 Firmware 2026-06-17 N/A 4.6 MEDIUM
There is a data processing error vulnerability in Leia-B29 2.0.0.49(M03). Successful exploitation could bypass lock screen authentication.
CVE-2022-48195 1 Mellium 1 Sasl 2026-06-17 N/A 9.8 CRITICAL
An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication.
CVE-2022-48066 1 Totolink 2 A830r, A830r Firmware 2026-06-17 N/A 9.8 CRITICAL
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.
CVE-2022-47976 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 7.5 HIGH
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.
CVE-2022-47974 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 6.5 MEDIUM
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.
CVE-2022-47848 1 Bezeq 4 Vtech Iad604-il, Vtech Iad604-il Firmware, Vtech Nb403-il and 1 more 2026-06-17 N/A 7.5 HIGH
An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service.
CVE-2022-47633 1 Kyverno 1 Kyverno 2026-06-17 N/A 8.1 HIGH
An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases.
CVE-2022-47408 1 Fp Newsletter Project 1 Fp Newsletter 2026-06-17 N/A 9.1 CRITICAL
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.
CVE-2022-47209 1 Netgear 2 Rax30, Rax30 Firmware 2026-06-17 N/A 8.8 HIGH
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.
CVE-2022-46875 2 Apple, Mozilla 4 Macos, Firefox, Firefox Esr and 1 more 2026-06-17 N/A 6.5 MEDIUM
The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.