Vulnerabilities (CVE)

Total 364825 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27406 2 Fedoraproject, Freetype 2 Fedora, Freetype 2026-07-09 5.0 MEDIUM 7.5 HIGH
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
CVE-2022-27405 2 Fedoraproject, Freetype 2 Fedora, Freetype 2026-07-09 5.0 MEDIUM 7.5 HIGH
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
CVE-2022-27305 1 Gibbonedu 1 Gibbon 2026-07-09 6.8 MEDIUM 8.8 HIGH
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
CVE-2022-27262 1 Sailsjs 1 Skipper 2026-07-09 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-27260 1 Buttercms 1 Buttercms 2026-07-09 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.
CVE-2022-26988 3 Fastcom, Mercusys, Tp-link 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more 2026-07-09 7.2 HIGH 7.8 HIGH
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.
CVE-2022-26987 3 Fastcom, Mercusys, Tp-link 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more 2026-07-09 7.2 HIGH 7.8 HIGH
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.
CVE-2022-26646 1 Oretnom23 1 Banking System 2026-07-09 7.5 HIGH 9.8 CRITICAL
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.
CVE-2022-26645 1 Oretnom23 1 Banking System 2026-07-09 7.5 HIGH 9.8 CRITICAL
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.
CVE-2022-26644 1 Oretnom23 1 Banking System 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.
CVE-2022-26643 1 Johnsoncontrols 1 Easyio Cpt Graphics 2026-07-09 5.0 MEDIUM 5.3 MEDIUM
An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.
CVE-2022-26607 1 Baigo 1 Baigo Cms 2026-07-09 6.5 MEDIUM 7.2 HIGH
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2022-26596 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names.
CVE-2022-26595 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-07-09 4.0 MEDIUM 4.3 MEDIUM
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.
CVE-2022-26594 1 Liferay 1 Liferay Portal 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
CVE-2022-26593 1 Liferay 2 Digital Experience Platform, Liferay Portal 2026-07-09 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.
CVE-2022-26281 1 Bigantsoft 1 Bigant Server 2026-07-09 5.0 MEDIUM 7.5 HIGH
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVE-2022-26263 1 Yonyou 1 U8\+ 2026-07-09 4.3 MEDIUM 6.1 MEDIUM
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.
CVE-2022-26251 1 Synametrics 1 Synaman 2026-07-09 9.0 HIGH 7.2 HIGH
The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.
CVE-2022-26250 1 Synametrics 1 Synaman 2026-07-09 4.6 MEDIUM 7.8 HIGH
Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.