Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-32261 1 Siemens 1 Sinema Remote Connect Server 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.
CVE-2022-32260 1 Siemens 1 Sinema Remote Connect Server 2026-06-17 7.5 HIGH 6.5 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.
CVE-2022-32259 1 Siemens 1 Sinema Remote Connect Server 2026-06-17 6.4 MEDIUM 6.5 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.
CVE-2022-32258 1 Siemens 1 Sinema Remote Connect Server 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.
CVE-2022-32256 1 Siemens 1 Sinema Remote Connect Server 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.
CVE-2022-32255 1 Siemens 1 Sinema Remote Connect Server 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.
CVE-2022-32229 1 Rocket.chat 1 Rocket.chat 2026-06-17 N/A 4.3 MEDIUM
A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.
CVE-2022-32228 1 Rocket.chat 1 Rocket.chat 2026-06-17 N/A 4.3 MEDIUM
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs.
CVE-2022-31884 1 Marvalglobal 1 Marval Msm 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
CVE-2022-31876 1 Netgear 2 Wnap320, Wnap320 Firmware 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.
CVE-2022-31708 1 Vmware 1 Vrealize Operations 2026-06-17 N/A 4.9 MEDIUM
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
CVE-2022-31704 1 Vmware 1 Vrealize Log Insight 2026-06-17 N/A 9.8 CRITICAL
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
CVE-2022-31687 1 Vmware 1 Workspace One Assist 2026-06-17 N/A 9.8 CRITICAL
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.
CVE-2022-31683 1 Pivotal Software 1 Concourse 2026-06-17 N/A 5.4 MEDIUM
Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with body including :team_name=team2 to bypass team scope check to gain access to certain resources belong to any other team.
CVE-2022-31609 1 Nvidia 1 Virtual Gpu 2026-06-17 N/A 7.8 HIGH
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.
CVE-2022-31589 1 Sap 3 Erp Financial Accounting, Erp Localization For Cee Countries, S\/4hana 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
CVE-2022-31496 1 Librehealth 1 Librehealth Ehr 2026-06-17 9.0 HIGH 8.8 HIGH
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
CVE-2022-31476 1 Intel 1 System Usage Report 2026-06-17 N/A 5.5 MEDIUM
Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2022-31257 1 Mendix 1 Mendix 2026-06-17 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords.
CVE-2022-31247 1 Suse 1 Rancher 2026-06-17 N/A 9.1 CRITICAL
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.