Vulnerabilities (CVE)

Filtered by CWE-287
Total 4197 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-39205 1 Onedev Project 1 Onedev 2026-06-17 N/A 9.0 CRITICAL
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the server to check for branch protections during a push event. It is only intended to be accessed from localhost, but the check relies on the X-Forwarded-For header. Invoking this endpoint leads to the execution of one of various git commands. The environment variables of this command execution can be controlled via query parameters. This allows attackers to write to arbitrary files, which can in turn lead to the execution of arbitrary code. Such an attack would be very hard to detect, which increases the potential impact even more. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-39184 1 Exfo 2 Bv-10, Bv-10 Firmware 2026-06-17 N/A 9.8 CRITICAL
EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass.
CVE-2022-39042 1 Aenrich 1 A\+hrd 2026-06-17 N/A 9.8 CRITICAL
aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.
CVE-2022-39038 1 Flowring 1 Agentflow 2026-06-17 N/A 8.8 HIGH
Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service.
CVE-2022-39018 1 M-files 1 Hubshare 2026-06-17 N/A 8.2 HIGH
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.
CVE-2022-39009 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 9.8 CRITICAL
The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.
CVE-2022-38982 1 Huawei 1 Harmonyos 2026-06-17 N/A 9.8 CRITICAL
The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.
CVE-2022-38744 1 Rockwellautomation 1 Factorytalk Alarms And Events 2026-06-17 N/A 7.5 HIGH
An unauthenticated attacker with network access to a victim's Rockwell Automation FactoryTalk Alarm and Events service could open a connection, causing the service to fault and become unavailable. The affected port could be used as a server ping port and uses messages structured with XML.
CVE-2022-38700 1 Openharmony 1 Openharmony 2026-06-17 N/A 8.8 HIGH
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.
CVE-2022-38557 1 Dlink 2 Dir-845l, Dir-845l Firmware 2026-06-17 N/A 9.8 CRITICAL
D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
CVE-2022-38556 1 Trendnet 2 Tew733gr, Tew733gr Firmware 2026-06-17 N/A 9.8 CRITICAL
Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
CVE-2022-38399 1 Planex 4 Cs-qr10, Cs-qr10 Firmware, Cs-qr20 and 1 more 2026-06-17 N/A 6.8 MEDIUM
Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection
CVE-2022-38368 1 Aviatrix 1 Gateway 2026-06-17 N/A 8.8 HIGH
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.
CVE-2022-38336 1 Mobatek 1 Mobaxterm 2026-06-17 N/A 8.1 HIGH
An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication.
CVE-2022-38180 1 Jetbrains 1 Ktor 2026-06-17 N/A 5.3 MEDIUM
In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases
CVE-2022-38119 1 Upspowercom 1 Upsmon Pro 2026-06-17 N/A 9.8 CRITICAL
UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service.
CVE-2022-38081 1 Openharmony 1 Openharmony 2026-06-17 N/A 6.2 MEDIUM
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system.
CVE-2022-38064 1 Openharmony 1 Openharmony 2026-06-17 N/A 6.2 MEDIUM
OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.
CVE-2022-37931 1 Hp 1 Nonstop Netbatch-plus 2026-06-17 N/A 7.3 HIGH
A vulnerability in NetBatch-Plus software allows unauthorized access to the application.  HPE has provided a workaround and fix. Please refer to HPE Security Bulletin HPESBNS04388 for details.
CVE-2022-37914 1 Arubanetworks 1 Aruba Edgeconnect Enterprise Orchestrator 2026-06-17 N/A 9.8 CRITICAL
Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned.