Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48350 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2022-48341 | 1 Thingsboard | 1 Thingsboard | 2026-06-17 | N/A | 8.8 HIGH |
| ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter. | |||||
| CVE-2022-48305 | 1 Huawei | 2 Simba-al00, Simba-al00 Firmware | 2026-06-17 | N/A | 5.5 MEDIUM |
| There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail. | |||||
| CVE-2022-48302 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-48165 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||||
| CVE-2022-48164 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||||
| CVE-2022-48079 | 1 Mengnai | 1 Aapanel Host System | 2026-06-17 | N/A | 9.8 CRITICAL |
| Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. | |||||
| CVE-2022-48023 | 1 Zammad | 1 Zammad | 2026-06-17 | N/A | 4.3 MEDIUM |
| Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | |||||
| CVE-2022-47934 | 1 Brave | 1 Brave | 2026-06-17 | N/A | 6.5 MEDIUM |
| Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. | |||||
| CVE-2022-47932 | 1 Brave | 1 Brave | 2026-06-17 | N/A | 6.5 MEDIUM |
| Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933. | |||||
| CVE-2022-47909 | 1 Checkmk | 1 Checkmk | 2026-06-17 | N/A | 6.8 MEDIUM |
| Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | |||||
| CVE-2022-47874 | 1 Jedox | 2 Cloud, Jedox | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'. | |||||
| CVE-2022-47717 | 1 Lastyard | 1 Last Yard | 2026-06-17 | N/A | 7.5 HIGH |
| Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). | |||||
| CVE-2022-47542 | 1 Red-gate | 1 Sql Monitor | 2026-06-17 | N/A | 8.8 HIGH |
| Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges. | |||||
| CVE-2022-47529 | 1 Rsa | 1 Netwitness | 2026-06-17 | N/A | 6.7 MEDIUM |
| Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification. | |||||
| CVE-2022-47524 | 1 F-secure | 1 Safe | 2026-06-17 | N/A | 5.4 MEDIUM |
| F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack. | |||||
| CVE-2022-47411 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2026-06-17 | N/A | 9.1 CRITICAL |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations. | |||||
| CVE-2022-47410 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2026-06-17 | N/A | 9.1 CRITICAL |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations. | |||||
| CVE-2022-47070 | 1 Nvs365 | 2 Nvs-365-v01, Nvs-365-v01 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information. | |||||
| CVE-2022-47003 | 1 Murasoftware | 1 Mura Cms | 2026-06-17 | N/A | 9.8 CRITICAL |
| A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | |||||