Total
2370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27645 | 1 Netgear | 46 Lax20, Lax20 Firmware, R6400 and 43 more | 2026-06-17 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762. | |||||
| CVE-2022-27623 | 1 Synology | 1 Diskstation Manager | 2026-06-17 | N/A | 7.4 HIGH |
| Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors. | |||||
| CVE-2022-27586 | 1 Sick | 2 Sim1004-0p0g311, Sim1004-0p0g311 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version <2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.0.0 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2022-27585 | 1 Sick | 2 Sim1000 Fx, Sim1000 Fx Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version <1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.6.0 as soon as possible (available in SICK Support Portal). | |||||
| CVE-2022-27584 | 1 Sick | 2 Sim2000st, Sim2000st Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled. | |||||
| CVE-2022-27582 | 1 Sick | 14 Sim1000 Fx, Sim1000 Fx Firmware, Sim1004 and 11 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The firmware versions <=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled. | |||||
| CVE-2022-27495 | 1 F5 | 1 Nginx Service Mesh | 2026-06-17 | 3.3 LOW | 6.5 MEDIUM |
| On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-27332 | 1 Zammad | 1 Zammad | 2026-06-17 | 5.8 MEDIUM | 9.1 CRITICAL |
| An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS). | |||||
| CVE-2022-27169 | 1 Openautomationsoftware | 1 Oas Platform | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2022-26971 | 1 Barco | 1 Control Room Management Suite | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. | |||||
| CVE-2022-26925 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2026-06-17 | 4.3 MEDIUM | 8.1 HIGH |
| Windows LSA Spoofing Vulnerability | |||||
| CVE-2022-26833 | 1 Openautomationsoftware | 1 Oas Platform | 2026-06-17 | 7.5 HIGH | 9.4 CRITICAL |
| An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2022-26501 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). | |||||
| CVE-2022-26394 | 1 Baxter | 8 Baxter Spectrum Iq 35700bax3, Baxter Spectrum Iq 35700bax3 Firmware, Sigma Spectrum 35700bax and 5 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This may allow an attacker to perform a man in the middle attack that modifies parameters making the network connection fail. | |||||
| CVE-2022-26303 | 1 Openautomationsoftware | 1 Oas Platform | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26267 | 1 Piwigo | 1 Piwigo | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | |||||
| CVE-2022-26143 | 1 Mitel | 2 Micollab, Mivoice Business Express | 2026-06-17 | 9.0 HIGH | 9.8 CRITICAL |
| The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February and March 2022 for the TP240PhoneHome DDoS attack. | |||||
| CVE-2022-26082 | 1 Openautomationsoftware | 1 Oas Platform | 2026-06-17 | 7.5 HIGH | 9.1 CRITICAL |
| A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26067 | 1 Openautomationsoftware | 1 Oas Platform | 2026-06-17 | 5.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26043 | 1 Openautomationsoftware | 1 Oas Platform | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability. | |||||