CVEs from 2022
Total
5,250
critical
critical 92
high
high 1,231
medium
medium 960
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-1471 | high | — | 9.0 | 4y ago | RHSA-2022:9058: prometheus-jmx-exporter security update (Important) | |||
| CVE-2022-42889 | high | — | 9.0 | 4y ago | Arbitrary code execution in Apache Commons Text | |||
| CVE-2022-34918 | high | — | 9.0 | 4y ago | An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a differ… | |||
| CVE-2022-22942 | high | — | 9.0 | 4y ago | The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | |||
| CVE-2022-50944 | high | 8.8 | 8.8 | 26d ago | Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can up… | |||
| CVE-2022-45356 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45845 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. | |||
| CVE-2022-42884 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7. | |||
| CVE-2022-41790 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. | |||
| CVE-2022-41990 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8. | |||
| CVE-2022-40203 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. | |||
| CVE-2022-36352 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities… | |||
| CVE-2022-34344 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Who… | |||
| CVE-2022-47181 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affec… | |||
| CVE-2022-44738 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3. | |||
| CVE-2022-42882 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | |||
| CVE-2022-41616 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | |||
| CVE-2022-38702 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | |||
| CVE-2022-46821 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a thro… | |||
| CVE-2022-46804 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3. | |||
| CVE-2022-45348 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users.This issue affects amr users: from n/a through 4.59.4. | |||
| CVE-2022-47442 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | |||
| CVE-2022-45350 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit t… | |||
| CVE-2022-4046 | high | 8.8 | 8.8 | 3y ago | In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device. | |||
| CVE-2022-34155 | high | 8.8 | 8.8 | 3y ago | Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/… | |||
| CVE-2022-46857 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. | |||
| CVE-2022-47177 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions. | |||
| CVE-2022-47165 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions. | |||
| CVE-2022-47149 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions. | |||
| CVE-2022-47164 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions. | |||
| CVE-2022-47180 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions. | |||
| CVE-2022-46794 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions. | |||
| CVE-2022-45079 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | |||
| CVE-2022-4224 | high | 8.8 | 8.8 | 3y ago | In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | |||
| CVE-2022-38074 | high | 8.8 | 8.8 | 3y ago | SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. | |||
| CVE-2022-45068 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. | |||
| CVE-2022-45090 | high | 8.8 | 8.8 | 3y ago | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||
| CVE-2022-45089 | high | 8.8 | 8.8 | 3y ago | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||
| CVE-2022-46842 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. | |||
| CVE-2022-46815 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. | |||
| CVE-2022-45807 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. | |||
| CVE-2022-45067 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | |||
| CVE-2022-40692 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | |||
| CVE-2022-42699 | high | 8.8 | 8.8 | 4y ago | Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | |||
| CVE-2022-2808 | high | 8.8 | 8.8 | 4y ago | Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Informa… | |||
| CVE-2022-44737 | high | 8.8 | 8.8 | 4y ago | Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | |||
| CVE-2022-41685 | high | 8.8 | 8.8 | 4y ago | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <=… | |||
| CVE-2022-41791 | high | 8.8 | 8.8 | 4y ago | Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | |||
| CVE-2022-41106 | high | 8.8 | 8.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-38079 | high | 8.8 | 8.8 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. | |||
| CVE-2022-36110 | high | 8.8 | 8.8 | 4y ago | Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker | |||
| CVE-2022-23650 | high | 8.8 | 8.8 | 4y ago | Use of Hard-coded Cryptographic Key in Netmaker | |||
| CVE-2022-23307 | high | 8.8 | 8.8 | 4y ago | RHSA-2022:0290: parfait:0.5 security update (Important) | |||
| CVE-2022-23302 | high | 8.8 | 8.8 | 4y ago | RHSA-2022:0290: parfait:0.5 security update (Important) | |||
| CVE-2022-21840 | high | 8.8 | 8.8 | 5y ago | Microsoft Office Remote Code Execution Vulnerability | |||
| CVE-2022-4992 | high | 8.6 | 8.6 | 3d ago | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability t… | |||
| CVE-2022-47151 | high | 8.6 | 8.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Bes… | |||
| CVE-2022-2601 | high | 8.6 | 8.6 | 4y ago | Moderate: grub2 security update | |||
| CVE-2022-24036 | high | 8.6 | 8.6 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. | |||
| CVE-2022-24037 | high | 8.2 | 8.2 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | |||
| CVE-2022-50994 | high | 8.1 | 8.1 | 28d ago | DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands… | |||
| CVE-2022-46850 | high | 8.1 | 8.1 | 3y ago | Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. | |||
| CVE-2022-45789 | high | 8.1 | 8.1 | 3y ago | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. A… | |||
| CVE-2022-45353 | high | 8.1 | 8.1 | 3y ago | Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | |||
| CVE-2022-45829 | high | 8.1 | 8.1 | 4y ago | Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. | |||
| CVE-2022-34151 | high | 8.1 | 8.1 | 4y ago | Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Mac… | |||
| CVE-2022-22576 | high | 8.1 | 8.1 | 4y ago | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was au… | |||
| CVE-2022-1637 | high | — | 8.0 | — | Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2022-3621 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipu… | |||
| CVE-2022-47943 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. | |||
| CVE-2022-2318 | high | — | 8.0 | — | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | |||
| CVE-2022-3534 | high | — | 8.0 | — | A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads… | |||
| CVE-2022-47940 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write. | |||
| CVE-2022-26981 | high | — | 8.0 | — | Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). | |||
| CVE-2022-47939 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. | |||
| CVE-2022-20796 | high | — | 8.0 | — | On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.10… | |||
| CVE-2022-1639 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-29918 | high | — | 8.0 | — | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presum… | |||
| CVE-2022-1204 | high | — | 8.0 | — | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | |||
| CVE-2022-0635 | high | — | 8.0 | — | Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | |||
| CVE-2022-1433 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-20803 | high | — | 8.0 | — | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affect… | |||
| CVE-2022-1634 | high | — | 8.0 | — | Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via… | |||
| CVE-2022-1183 | high | — | 8.0 | — | On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-… | |||
| CVE-2022-1638 | high | — | 8.0 | — | Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-20785 | high | — | 8.0 | — | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus… | |||
| CVE-2022-3635 | high | — | 8.0 | — | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The mani… | |||
| CVE-2022-3646 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The… | |||
| CVE-2022-3586 | high | — | 8.0 | — | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (… | |||
| CVE-2022-3303 | high | — | 8.0 | — | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local u… | |||
| CVE-2022-4382 | high | — | 8.0 | — | A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. | |||
| CVE-2022-31783 | high | — | 8.0 | — | Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | |||
| CVE-2022-28287 | high | — | 8.0 | — | In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99. | |||
| CVE-2022-3874 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |||
| CVE-2022-1975 | high | — | 8.0 | — | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. | |||
| CVE-2022-1636 | high | — | 8.0 | — | Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-31748 | high | — | 8.0 | — | Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of… | |||
| CVE-2022-47941 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak. | |||
| CVE-2022-41850 | high | — | 8.0 | — | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a … | |||
| CVE-2022-40768 | high | — | 8.0 | — | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. |