Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26318 1 Watchguard 1 Fireware 2026-06-17 7.5 HIGH 9.8 CRITICAL
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
CVE-2022-26310 1 Pandorafms 1 Pandora Fms 2026-06-17 N/A 7.3 HIGH
Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.
CVE-2022-26308 1 Pandorafms 1 Pandora Fms 2026-06-17 N/A 3.7 LOW
Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.
CVE-2022-26307 2 Debian, Libreoffice 2 Debian Linux, Libreoffice 2026-06-17 N/A 8.8 HIGH
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.
CVE-2022-26272 1 Ionizecms 1 Ionize 2026-06-17 7.5 HIGH 9.8 CRITICAL
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.
CVE-2022-26198 1 Notable 1 Notable 2026-06-17 7.5 HIGH 9.8 CRITICAL
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.
CVE-2022-26090 1 Google 1 Android 2026-06-17 2.1 LOW 5.3 MEDIUM
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.
CVE-2022-26054 1 Cybozu 1 Garoon 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
CVE-2022-26051 1 Cybozu 1 Garoon 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
CVE-2022-26024 1 Intel 22 Nuc7i3dnbe, Nuc7i3dnbe Firmware, Nuc7i3dnhe and 19 more 2026-06-17 N/A 6.7 MEDIUM
Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-26023 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2026-06-17 N/A 6.5 MEDIUM
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26017 1 Intel 1 Driver \& Support Assistant 2026-06-17 N/A 8.0 HIGH
Improper access control in the Intel(R) DSA software for before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2022-25995 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-25987 1 Intel 2 C\+\+ Compiler Classic, Oneapi Toolkits 2026-06-17 N/A 8.3 HIGH
Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2022-25986 1 Cybozu 1 Office 2026-06-17 N/A 4.3 MEDIUM
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
CVE-2022-25966 1 Intel 1 Edge Insights For Industrial 2026-06-17 N/A 7.8 HIGH
Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-25962 1 Vagrant.js Project 1 Vagrant.js 2026-06-17 N/A 7.4 HIGH
All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.
CVE-2022-25940 1 Lite-server Project 1 Lite-server 2026-06-17 N/A 7.5 HIGH
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
CVE-2022-25926 1 Window-control Project 1 Window-control 2026-06-17 N/A 7.4 HIGH
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
CVE-2022-25923 1 Exec-local-bin Project 1 Exec-local-bin 2026-06-17 N/A 7.4 HIGH
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.