CVEs from 2022
Total
5,252
critical
critical 90
high
high 1,231
medium
medium 959
low
low 24
% Critical
1.7%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-34918 | high | — | 9.0 | 4y ago | An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a differ… | |||
| CVE-2022-22942 | high | — | 9.0 | 4y ago | The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | |||
| CVE-2022-50944 | high | 8.8 | 8.8 | 26d ago | Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can up… | |||
| CVE-2022-45356 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45845 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. | |||
| CVE-2022-42884 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7. | |||
| CVE-2022-41790 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. | |||
| CVE-2022-41990 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8. | |||
| CVE-2022-40203 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. | |||
| CVE-2022-36352 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities… | |||
| CVE-2022-34344 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Who… | |||
| CVE-2022-47181 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affec… | |||
| CVE-2022-44738 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3. | |||
| CVE-2022-42882 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | |||
| CVE-2022-41616 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | |||
| CVE-2022-38702 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | |||
| CVE-2022-46821 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a thro… | |||
| CVE-2022-46804 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3. | |||
| CVE-2022-45348 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users.This issue affects amr users: from n/a through 4.59.4. | |||
| CVE-2022-47442 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | |||
| CVE-2022-45350 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit t… | |||
| CVE-2022-4046 | high | 8.8 | 8.8 | 3y ago | In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device. | |||
| CVE-2022-34155 | high | 8.8 | 8.8 | 3y ago | Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/… | |||
| CVE-2022-46857 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. | |||
| CVE-2022-47177 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions. | |||
| CVE-2022-47165 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions. | |||
| CVE-2022-47149 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions. | |||
| CVE-2022-47164 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions. | |||
| CVE-2022-47180 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions. | |||
| CVE-2022-46794 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions. | |||
| CVE-2022-45079 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | |||
| CVE-2022-4224 | high | 8.8 | 8.8 | 3y ago | In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | |||
| CVE-2022-38074 | high | 8.8 | 8.8 | 3y ago | SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. | |||
| CVE-2022-45068 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. | |||
| CVE-2022-45090 | high | 8.8 | 8.8 | 3y ago | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||
| CVE-2022-45089 | high | 8.8 | 8.8 | 3y ago | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||
| CVE-2022-46842 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. | |||
| CVE-2022-46815 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. | |||
| CVE-2022-45807 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. | |||
| CVE-2022-45067 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | |||
| CVE-2022-40692 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | |||
| CVE-2022-42699 | high | 8.8 | 8.8 | 4y ago | Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | |||
| CVE-2022-2808 | high | 8.8 | 8.8 | 4y ago | Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Informa… | |||
| CVE-2022-44737 | high | 8.8 | 8.8 | 4y ago | Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | |||
| CVE-2022-41685 | high | 8.8 | 8.8 | 4y ago | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <=… | |||
| CVE-2022-41791 | high | 8.8 | 8.8 | 4y ago | Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | |||
| CVE-2022-41106 | high | 8.8 | 8.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2022-38079 | high | 8.8 | 8.8 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. | |||
| CVE-2022-36110 | high | 8.8 | 8.8 | 4y ago | Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker | |||
| CVE-2022-23650 | high | 8.8 | 8.8 | 4y ago | Use of Hard-coded Cryptographic Key in Netmaker | |||
| CVE-2022-23307 | high | 8.8 | 8.8 | 4y ago | RHSA-2022:0290: parfait:0.5 security update (Important) | |||
| CVE-2022-23302 | high | 8.8 | 8.8 | 4y ago | RHSA-2022:0290: parfait:0.5 security update (Important) | |||
| CVE-2022-21840 | high | 8.8 | 8.8 | 5y ago | Microsoft Office Remote Code Execution Vulnerability | |||
| CVE-2022-4992 | high | 8.6 | 8.6 | 3d ago | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability t… | |||
| CVE-2022-47151 | high | 8.6 | 8.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Bes… | |||
| CVE-2022-2601 | high | 8.6 | 8.6 | 4y ago | Moderate: grub2 security update | |||
| CVE-2022-24036 | high | 8.6 | 8.6 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. | |||
| CVE-2022-24037 | high | 8.2 | 8.2 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | |||
| CVE-2022-50994 | high | 8.1 | 8.1 | 28d ago | DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands… | |||
| CVE-2022-46850 | high | 8.1 | 8.1 | 3y ago | Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. | |||
| CVE-2022-45789 | high | 8.1 | 8.1 | 3y ago | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. A… | |||
| CVE-2022-45353 | high | 8.1 | 8.1 | 3y ago | Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | |||
| CVE-2022-45829 | high | 8.1 | 8.1 | 4y ago | Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. | |||
| CVE-2022-34151 | high | 8.1 | 8.1 | 4y ago | Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Mac… | |||
| CVE-2022-22576 | high | 8.1 | 8.1 | 4y ago | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was au… | |||
| CVE-2022-20796 | high | — | 8.0 | — | On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.10… | |||
| CVE-2022-1641 | high | — | 8.0 | — | Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit h… | |||
| CVE-2022-20771 | high | — | 8.0 | — | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiV… | |||
| CVE-2022-3636 | high | — | 8.0 | — | A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethern… | |||
| CVE-2022-1433 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-29582 | high | — | 8.0 | — | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; howe… | |||
| CVE-2022-1460 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-40307 | high | — | 8.0 | — | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | |||
| CVE-2022-1639 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-3586 | high | — | 8.0 | — | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (… | |||
| CVE-2022-3541 | high | — | 8.0 | — | A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component… | |||
| CVE-2022-1638 | high | — | 8.0 | — | Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-1516 | high | — | 8.0 | — | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and… | |||
| CVE-2022-32278 | high | — | 8.0 | — | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | |||
| CVE-2022-31748 | high | — | 8.0 | — | Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of… | |||
| CVE-2022-2318 | high | — | 8.0 | — | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | |||
| CVE-2022-29915 | high | — | 8.0 | — | The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100. | |||
| CVE-2022-3544 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulat… | |||
| CVE-2022-1352 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-30294 | high | — | 8.0 | — | arbitrary code execution in wpewebkit | |||
| CVE-2022-39842 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer over… | |||
| CVE-2022-41850 | high | — | 8.0 | — | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a … | |||
| CVE-2022-3910 | high | — | 8.0 | — | Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring wa… | |||
| CVE-2022-41849 | high | — | 8.0 | — | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a… | |||
| CVE-2022-2031 | high | — | 8.0 | — | A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has bee… | |||
| CVE-2022-32744 | high | — | 8.0 | — | A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabl… | |||
| CVE-2022-40768 | high | — | 8.0 | — | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | |||
| CVE-2022-1636 | high | — | 8.0 | — | Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2022-31745 | high | — | 8.0 | — | If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. | |||
| CVE-2022-0812 | high | — | 8.0 | — | An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | |||
| CVE-2022-1423 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-1416 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-1426 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2022-20803 | high | — | 8.0 | — | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affect… | |||
| CVE-2022-32745 | high | — | 8.0 | — | A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. |