Total: 29911 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45164 | 1 Archibus | 1 Archibus Web Central | 2026-06-17 | N/A | 4.3 MEDIUM |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking | |||||
| CVE-2022-45097 | 1 Dell | 1 Emc Powerscale Onefs | 2026-06-17 | N/A | 6.3 MEDIUM |
| Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | |||||
| CVE-2022-45066 | 1 Thriveweb | 1 Wooswipe Woocommerce Gallery | 2026-06-17 | N/A | 5.4 MEDIUM |
| Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. | |||||
| CVE-2022-44938 | 1 Seeddms | 1 Seeddms | 2026-06-17 | N/A | 9.8 CRITICAL |
| Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. | |||||
| CVE-2022-44932 | 1 Tenda | 2 A18, A18 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service. | |||||
| CVE-2022-44929 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | |||||
| CVE-2022-44801 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. | |||||
| CVE-2022-44786 | 1 Maggioli | 1 Appalti & Contratti | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application. | |||||
| CVE-2022-44784 | 1 Maggioli | 1 Appalti & Contratti | 2026-06-17 | N/A | 8.8 HIGH |
| An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed services, there is the Axis AdminService, which, through the default configuration, should normally be accessible only by the localhost. Nevertheless, by trying to access the mentioned service, both in LFS and DL229, the service can actually be reached even by remote users, allowing creation of arbitrary services on the server side. When an attacker can reach the AdminService, they can use it to instantiate arbitrary services on the server. The exploit procedure is well known and described in Generic AXIS-SSRF exploitation. Basically, the attack consists of writing a JSP page inside the root directory of the web application, through the org.apache.axis.handlers.LogHandler class. | |||||
| CVE-2022-44654 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 7.5 HIGH |
| Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is compiled without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security. | |||||
| CVE-2022-44643 | 2 Amd, Grafana | 2 Amd64, Enterprise Metrics | 2026-06-17 | N/A | 5.7 MEDIUM |
| A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64. | |||||
| CVE-2022-44640 | 2 Heimdal Project, Samba | 2 Heimdal, Samba | 2026-06-17 | N/A | 9.8 CRITICAL |
| Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | |||||
| CVE-2022-44634 | 1 Villatheme | 1 S2w - Import Shopify To Woocommerce | 2026-06-17 | N/A | 4.9 MEDIUM |
| Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. | |||||
| CVE-2022-44622 | 1 Jetbrains | 1 Teamcity | 2026-06-17 | N/A | 2.7 LOW |
| In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive. | |||||
| CVE-2022-44566 | 1 Activerecord Project | 1 Activerecord | 2026-06-17 | N/A | 7.5 HIGH |
| A denial of service vulnerability is present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. | |||||
| CVE-2022-44565 | 1 Ui | 12 Airfiber 60, Airfiber 60-hd, Airfiber 60-hd Firmware and 9 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device. | |||||
| CVE-2022-44560 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 5.3 MEDIUM |
| The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. | |||||
| CVE-2022-44544 | 2 Canonical, Mahara | 2 Ubuntu Linux, Mahara | 2026-06-17 | N/A | 9.8 CRITICAL |
| Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. | |||||
| CVE-2022-44543 | 1 In2code | 1 Femanager | 2026-06-17 | N/A | 5.3 MEDIUM |
| The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled. | |||||
| CVE-2022-44211 | 1 Gl-inet | 1 Goodcloud | 2026-06-17 | N/A | 7.4 HIGH |
| In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings. | |||||
