Total
29059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25987 | 1 Intel | 2 C\+\+ Compiler Classic, Oneapi Toolkits | 2024-11-21 | N/A | 8.3 HIGH |
| Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-25986 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. | |||||
| CVE-2022-25966 | 1 Intel | 1 Edge Insights For Industrial | 2024-11-21 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-25962 | 1 Vagrant.js Project | 1 Vagrant.js | 2024-11-21 | N/A | 7.4 HIGH |
| All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization. | |||||
| CVE-2022-25940 | 1 Lite-server Project | 1 Lite-server | 2024-11-21 | N/A | 7.5 HIGH |
| All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. | |||||
| CVE-2022-25926 | 1 Window-control Project | 1 Window-control | 2024-11-21 | N/A | 7.4 HIGH |
| Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. | |||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2024-11-21 | N/A | 7.4 HIGH |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | |||||
| CVE-2022-25921 | 1 Morgan-json Project | 1 Morgan-json | 2024-11-21 | N/A | 8.1 HIGH |
| All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. | |||||
| CVE-2022-25916 | 1 Mt7688-wiscan Project | 1 Mt7688-wiscan | 2024-11-21 | N/A | 7.4 HIGH |
| Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. | |||||
| CVE-2022-25915 | 1 Elecom | 46 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wmc-2hc-w and 43 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. | |||||
| CVE-2022-25908 | 1 Create-choo-electron Project | 1 Create-choo-electron | 2024-11-21 | N/A | 7.4 HIGH |
| All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | |||||
| CVE-2022-25890 | 1 Wifey Project | 1 Wifey | 2024-11-21 | N/A | 7.4 HIGH |
| All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization. | |||||
| CVE-2022-25855 | 1 Create-choo-app3 Project | 1 Create-choo-app3 | 2024-11-21 | N/A | 7.4 HIGH |
| All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | |||||
| CVE-2022-25853 | 1 Semver-tags Project | 1 Semver-tags | 2024-11-21 | N/A | 7.4 HIGH |
| All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. | |||||
| CVE-2022-25831 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 2.0 LOW |
| Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. | |||||
| CVE-2022-25824 | 1 Samsung | 1 Bixby Touch | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. | |||||
| CVE-2022-25817 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. | |||||
| CVE-2022-25809 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
| Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack. | |||||
| CVE-2022-25786 | 1 Secomea | 1 Gatemanager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7. | |||||
| CVE-2022-25783 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. | |||||