Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28778 1 Samsung 1 Samsung Security Supporter 2026-06-17 2.1 LOW 4.4 MEDIUM
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission
CVE-2022-28777 1 Samsung 1 Members 2026-06-17 2.1 LOW 4.3 MEDIUM
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.
CVE-2022-28776 1 Samsung 1 Galaxy Store 2026-06-17 4.6 MEDIUM 5.9 MEDIUM
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
CVE-2022-28775 1 Samsung 1 Samsung Flow 2026-06-17 2.1 LOW 5.1 MEDIUM
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.
CVE-2022-28761 1 Zoom 1 Zoom On-premise Meeting Connector Mmr 2026-06-17 N/A 6.5 MEDIUM
Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.
CVE-2022-28760 1 Zoom 1 Zoom On-premise Meeting Connector Mmr 2026-06-17 N/A 6.5 MEDIUM
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
CVE-2022-28759 1 Zoom 1 Zoom On-premise Meeting Connector Mmr 2026-06-17 N/A 8.2 HIGH
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
CVE-2022-28758 1 Zoom 1 Zoom On-premise Meeting Connector Mmr 2026-06-17 N/A 8.2 HIGH
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
CVE-2022-28754 1 Zoom 1 Meeting Connector 2026-06-17 N/A 7.1 HIGH
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.
CVE-2022-28753 1 Zoom 1 Meeting Connector 2026-06-17 N/A 7.1 HIGH
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.
CVE-2022-28749 1 Zoom 1 On-premise Meeting Connector Multimedia Router 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zooms waiting room can join the meeting without the consent of the host.
CVE-2022-28742 1 Aenrich 1 A\+hrd 2026-06-17 N/A 7.5 HIGH
aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application
CVE-2022-28718 1 Cybozu 1 Garoon 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
CVE-2022-28709 1 Intel 2 Ethernet Controller E810, Ethernet Controller E810 Firmware 2026-06-17 N/A 4.4 MEDIUM
Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-28704 1 Rakuten 1 Casa 2026-06-17 9.0 HIGH 7.2 HIGH
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings.
CVE-2022-28689 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2026-06-17 N/A 8.8 HIGH
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-28612 1 Custom Popup Builder Project 1 Custom Popup Builder 2026-06-17 3.5 LOW 5.4 MEDIUM
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.
CVE-2022-28356 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-06-17 2.1 LOW 5.5 MEDIUM
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2022-28244 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2026-06-17 4.3 MEDIUM 6.3 MEDIUM
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured requests to the cross-origin attack target domain. Exploitation requires user interaction in which the victim needs to access a crafted PDF file on an attacker's server.
CVE-2022-28173 1 Hikvision 4 Ds-3wf01c-2n\/o, Ds-3wf01c-2n\/o Firmware, Ds-3wf0ac-2nt and 1 more 2026-06-17 N/A 9.1 CRITICAL
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.