Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363994 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32505 | 1 Nuki | 2 Smart Lock V2, Smart Lock V3 Pro | 2026-04-15 | 7.1 High |
| An issue was discovered on certain Nuki Home Solutions devices. It is possible to send multiple BLE malformed packets to block some of the functionality and reboot the device. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4. | ||||
| CVE-2022-32506 | 1 Nuki | 4 Bridge, Bridge Firmware, Smart Lock and 1 more | 2026-04-15 | 6.4 Medium |
| An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | ||||
| CVE-2022-32507 | 1 Nuki | 1 Smart Lock | 2026-04-15 | 8.8 High |
| An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4. | ||||
| CVE-2022-32508 | 1 Nuki | 2 Bridge V1, Bridge V2 | 2026-04-15 | 7.5 High |
| An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | ||||
| CVE-2022-32509 | 1 Nuki | 3 Bridge V1, Bridge V2, Smart Lock | 2026-04-15 | 8.8 High |
| An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2. | ||||
| CVE-2022-32510 | 1 Nuki | 1 Bridge | 2026-04-15 | 7.1 High |
| An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API endpoints. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | ||||
| CVE-2022-3365 | 2026-04-15 | 9.8 Critical | ||
| Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved. | ||||
| CVE-2022-33861 | 1 Eaton | 1 Intelligent Power Protector | 2026-04-15 | 5.1 Medium |
| IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data. | ||||
| CVE-2022-33862 | 1 Eaton | 1 Intelligent Power Protector | 2026-04-15 | 6.7 Medium |
| IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. | ||||
| CVE-2022-3399 | 2026-04-15 | 4.4 Medium | ||
| The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected /wp-admin/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2022-35202 | 1 Sitevision | 1 Sitevision | 2026-04-15 | 5.1 Medium |
| A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV. This keystore is protected with a low-complexity, auto-generated password. | ||||
| CVE-2022-35503 | 1 Osm | 1 N2vc | 2026-04-15 | 7.5 High |
| Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access other parts of a Telco Operator infrastructure other than OSM itself. | ||||
| CVE-2022-36407 | 2026-04-15 | 9.9 Critical | ||
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows local users to gain sensitive information.This issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500,5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600,5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00. | ||||
| CVE-2022-37410 | 2026-04-15 | 7 High | ||
| Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-38691 | 1 Unisoc | 4 Sc9863a, T310, T610 and 1 more | 2026-04-15 | 7.8 High |
| In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2022-38692 | 2026-04-15 | 9.8 Critical | ||
| In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without requiring additional execution privileges. | ||||
| CVE-2022-38693 | 2026-04-15 | 9.8 Critical | ||
| In FDL1, there is a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges. | ||||
| CVE-2022-38694 | 2026-04-15 | 7.8 High | ||
| In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2022-38695 | 2026-04-15 | 7.8 High | ||
| In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2022-38696 | 2026-04-15 | 9.8 Critical | ||
| In BootRom, there's a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges. | ||||