CVE-2022-26469

HIGH Year: 2022
CVSS v3 Score
7.8
High
Weakness Type
CWE-470
View all →

Vulnerability Description

In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598.

Related Vulnerabilities

CVE-2024-8048

HIGH
CVSS:7.8(High)

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.

CWE-4702024

CVE-2022-30287

HIGH
CVSS:8.0(High)

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP object...

CWE-4702022

CVE-2024-7059

HIGH
CVSS:8.0(High)

A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.

CWE-4702024

CVE-2025-31119

HIGH
CVSS:7.6(High)

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as ...

CWE-4702025

CVE-2019-10174

HIGH
CVSS:7.5(High)

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's...

CWE-4702019

CVE-2024-4990

HIGH
CVSS:8.1(High)

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configurati...

CWE-4702024