Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25921 1 Morgan-json Project 1 Morgan-json 2026-06-17 N/A 8.1 HIGH
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.
CVE-2022-25916 1 Mt7688-wiscan Project 1 Mt7688-wiscan 2026-06-17 N/A 7.4 HIGH
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.
CVE-2022-25915 1 Elecom 46 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wmc-2hc-w and 43 more 2026-06-17 5.8 MEDIUM 8.8 HIGH
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.
CVE-2022-25908 1 Create-choo-electron Project 1 Create-choo-electron 2026-06-17 N/A 7.4 HIGH
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
CVE-2022-25890 1 Wifey Project 1 Wifey 2026-06-17 N/A 7.4 HIGH
All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.
CVE-2022-25855 1 Create-choo-app3 Project 1 Create-choo-app3 2026-06-17 N/A 7.4 HIGH
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
CVE-2022-25853 1 Semver-tags Project 1 Semver-tags 2026-06-17 N/A 7.4 HIGH
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.
CVE-2022-25831 1 Google 1 Android 2026-06-17 1.9 LOW 2.0 LOW
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.
CVE-2022-25824 1 Samsung 1 Bixby Touch 2026-06-17 2.1 LOW 4.0 MEDIUM
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.
CVE-2022-25817 1 Google 1 Android 2026-06-17 2.1 LOW 4.0 MEDIUM
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.
CVE-2022-25809 1 Amazon 2 Echo Dot, Echo Dot Firmware 2026-06-17 9.0 HIGH 9.8 CRITICAL
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.
CVE-2022-25786 1 Secomea 1 Gatemanager 2026-06-17 4.0 MEDIUM 4.9 MEDIUM
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7.
CVE-2022-25783 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.
CVE-2022-25765 2 Fedoraproject, Pdfkit Project 2 Fedora, Pdfkit 2026-06-17 N/A 7.3 HIGH
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
CVE-2022-25755 1 Siemens 48 Scalance X302-7eec, Scalance X302-7eec Firmware, Scalance X304-2fe and 45 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.
CVE-2022-25685 1 Qualcomm 250 Apq8009, Apq8009 Firmware, Apq8017 and 247 more 2026-06-17 N/A 7.5 HIGH
Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-25681 1 Qualcomm 196 Aqt1000, Aqt1000 Firmware, Ar8035 and 193 more 2026-06-17 N/A 8.4 HIGH
Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2022-25679 1 Qualcomm 134 Aqt1000, Aqt1000 Firmware, Qca6390 and 131 more 2026-06-17 N/A 6.2 MEDIUM
Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-25650 1 Mendix 1 Mendix 2026-06-17 4.0 MEDIUM 6.5 MEDIUM
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.27), Mendix Applications using Mendix 8 (All versions < V8.18.14), Mendix Applications using Mendix 9 (All versions < V9.12.0), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.3). When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field.
CVE-2022-25649 1 Storeapps 1 Affiliate For Woocommerce 2026-06-17 N/A 5.0 MEDIUM
Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress.