LiveActive security incident?Get immediate response
CVE archive

March 2022

Browse CVE records published in March 2022, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1929 matching CVEs · Page 1 of 39.

Unknown · CVSS Not scored

CVE-2022-45608: An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escal...

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).

Published Mar 1, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2022-45597: ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."

Published Mar 24, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2022-24644: ZZ Inc.

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.

Published Mar 7, 2022 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2022-23383: YzmCMS v6.3 is affected by broken access control.

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.

Published Mar 7, 2022 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2022-23328: A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a...

A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS).

Published Mar 4, 2022 · Updated Jul 9, 2026