Total
3770 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40494 | 1 Nps Project | 1 Nps | 2024-11-21 | 9.8 Critical |
| NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. | ||||
| CVE-2022-40259 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 8.3 High |
| MegaRAC Default Credentials Vulnerability | ||||
| CVE-2022-40242 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | 7.5 High |
| MegaRAC Default Credentials Vulnerability | ||||
| CVE-2022-40144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations. | ||||
| CVE-2022-3875 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 7.3 High |
| A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244. | ||||
| CVE-2022-3681 | 1 Motorola | 1 Mr2600 | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network. | ||||
| CVE-2022-3674 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | 7.3 High |
| A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. | ||||
| CVE-2022-3477 | 3 Newsmag Project, Newspaper Project, Tagdiv Composer Project | 3 Newsmag, Newspaper, Tagdiv Composer | 2024-11-21 | 9.8 Critical |
| The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address | ||||
| CVE-2022-3465 | 1 Mediabridgeproducts | 2 Mlwr-ac1200r, Mlwr-ac1200r Firmware | 2024-11-21 | 7.3 High |
| A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700. | ||||
| CVE-2022-3218 | 1 Necta | 1 Wifi Mouse Server | 2024-11-21 | 9.8 Critical |
| Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution. | ||||
| CVE-2022-3173 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.3 Medium |
| Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. | ||||
| CVE-2022-3156 | 1 Rockwellautomation | 1 Studio 5000 Logix Emulate | 2024-11-21 | 7.8 High |
| A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software. | ||||
| CVE-2022-3152 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 8.8 High |
| Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20. | ||||
| CVE-2022-3119 | 1 Oauth Client Single Sign On Project | 1 Oauth Client Single Sign On | 2024-11-21 | 7.5 High |
| The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address | ||||
| CVE-2022-39901 | 1 Samsung | 2 Exynos, Exynos Firmware | 2024-11-21 | 6.5 Medium |
| Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. | ||||
| CVE-2022-39899 | 1 Google | 1 Android | 2024-11-21 | 5.7 Medium |
| Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture. | ||||
| CVE-2022-39892 | 1 Samsung | 1 Pass | 2024-11-21 | 3.6 Low |
| Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature. | ||||
| CVE-2022-39801 | 1 Sap | 1 Access Control | 2024-11-21 | 7.5 High |
| SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application. | ||||
| CVE-2022-39387 | 1 Xwiki | 1 Openid Connect | 2024-11-21 | 9.1 Critical |
| XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider with oidc.xwikiprovider. With the same approach, one could also provide a specific group mapping through oidc.groups.mapping that would make his user automatically part of the XWikiAdminGroup. This issue has been patched, please upgrade to 1.29.1. There is no workaround, an upgrade of the authenticator is required. | ||||
| CVE-2022-39366 | 1 Datahub Project | 1 Datahub | 2024-11-21 | 9.9 Critical |
| DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds. | ||||