Total
2925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45956 | 1 Boa | 1 Boa | 2026-06-17 | N/A | 5.3 MEDIUM |
| Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | |||||
| CVE-2022-45891 | 1 Planetestream | 1 Planet Estream | 2026-06-17 | N/A | 9.1 CRITICAL |
| Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList). | |||||
| CVE-2022-45760 | 1 Sens Project | 1 Sens | 2026-06-17 | N/A | 8.8 HIGH |
| SENS v1.0 is vulnerable to Incorrect Access Control vulnerability. | |||||
| CVE-2022-45544 | 1 Schlix | 1 Cms | 2026-06-17 | N/A | 8.8 HIGH |
| Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role. | |||||
| CVE-2022-45435 | 1 Sailpoint | 1 Identityiq | 2026-06-17 | N/A | 6.8 MEDIUM |
| IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration. | |||||
| CVE-2022-45383 | 1 Jenkins | 1 Support Core | 2026-06-17 | N/A | 6.5 MEDIUM |
| An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission. | |||||
| CVE-2022-45353 | 1 Muffingroup | 1 Betheme | 2026-06-17 | N/A | 4.3 MEDIUM |
| Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | |||||
| CVE-2022-45172 | 1 Liveboxcloud | 1 Vdesk | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system. | |||||
| CVE-2022-45168 | 1 Liveboxcloud | 1 Vdesk | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP. | |||||
| CVE-2022-45128 | 1 Intel | 1 Endpoint Management Assistant | 2026-06-17 | N/A | 5.0 MEDIUM |
| Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-44039 | 1 Franklinfueling | 1 Colibri Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). ¶¶ An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of "fopen" system function with the mode "wb" which allows overwriting file if exists. Overwriting files such as passwd, allows an attacker to escalate his privileges by planting backdoor user with root privilege or change root password. | |||||
| CVE-2022-43940 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2026-06-17 | N/A | 8.8 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. | |||||
| CVE-2022-43872 | 2 Ibm, Linux | 4 Aix, Financial Transaction Manager, Linux On Ibm Z and 1 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. event log entries) about the FTM SWIFT system. IBM X-Force ID: 239708. | |||||
| CVE-2022-43770 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2026-06-17 | N/A | 5.4 MEDIUM |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API. | |||||
| CVE-2022-43515 | 1 Zabbix | 1 Frontend | 2026-06-17 | N/A | 5.3 MEDIUM |
| Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range. | |||||
| CVE-2022-43465 | 1 Intel | 1 Setup And Configuration Software | 2026-06-17 | N/A | 5.0 MEDIUM |
| Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-43438 | 1 Easy Test Project | 1 Easy Test | 2026-06-17 | N/A | 8.8 HIGH |
| The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service. | |||||
| CVE-2022-42978 | 1 Atlassian | 1 Confluence Data Center | 2026-06-17 | N/A | 7.5 HIGH |
| In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system. | |||||
| CVE-2022-42975 | 1 Phoenixframework | 1 Phoenix | 2026-06-17 | N/A | 7.5 HIGH |
| socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. | |||||
| CVE-2022-42788 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information. | |||||