Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38134 1 Cusrev 1 Customer Reviews For Woocommerce 2026-06-17 N/A 4.3 MEDIUM
Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
CVE-2022-38125 1 Secomea 24 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 21 more 2026-06-17 N/A 2.9 LOW
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
CVE-2022-38104 1 Oxilab 1 Accordions 2026-06-17 N/A 7.2 HIGH
Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress.
CVE-2022-38100 1 Contechealth 2 Cms8000, Cms8000 Firmware 2026-06-17 N/A 7.5 HIGH
The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent that causes a mass denial-of-service attack on all CME8000 devices connected to the same network.
CVE-2022-38090 1 Intel 454 Celeron J1750, Celeron J1750 Firmware, Celeron J1800 and 451 more 2026-06-17 N/A 6.0 MEDIUM
Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.
CVE-2022-38070 1 Mypopups 1 Pop-up 2026-06-17 N/A 5.4 MEDIUM
Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.
CVE-2022-38058 1 Wpvar 1 Wp Shamsi 2026-06-17 N/A 4.3 MEDIUM
Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.
CVE-2022-37959 1 Microsoft 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more 2026-06-17 N/A 6.5 MEDIUM
Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability
CVE-2022-37953 1 Ge 1 Workstationst 2026-06-17 N/A 4.7 MEDIUM
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
CVE-2022-37918 1 Arubanetworks 1 Airwave 2026-06-17 N/A 8.1 HIGH
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
CVE-2022-37917 1 Arubanetworks 1 Airwave 2026-06-17 N/A 8.1 HIGH
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
CVE-2022-37916 1 Arubanetworks 1 Airwave 2026-06-17 N/A 8.1 HIGH
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
CVE-2022-37843 1 Totolink 2 A860r, A860r Firmware 2026-06-17 N/A 9.8 CRITICAL
In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability.
CVE-2022-37734 1 Graphql-java Project 1 Graphql-java 2026-06-17 N/A 7.5 HIGH
graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.
CVE-2022-37458 1 Discourse 1 Discourse 2026-06-17 N/A 7.2 HIGH
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.
CVE-2022-37409 1 Intel 1 Integrated Performance Primitives Cryptography 2026-06-17 N/A 4.7 MEDIUM
Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-37344 1 Accommodation-system Project 1 Accommodation-system 2026-06-17 N/A 7.6 HIGH
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress.
CVE-2022-37343 1 Intel 228 Atom C3308, Atom C3308 Firmware, Atom C3336 and 225 more 2026-06-17 N/A 7.2 HIGH
Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-37316 1 Rsa 1 Archer 2026-06-17 N/A 6.5 MEDIUM
Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release.
CVE-2022-37190 1 Cuppacms 1 Cuppacms 2026-06-17 N/A 8.8 HIGH
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.