CVEs from 2022
- Total: 5,249
- Critical: 92
- High: 1,233
- Medium: 961
- Low: 24
- % Critical: 1.8%
- % with KEV: 2.5%
- % with exploit: 3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24801 | medium | — | 5.5 | 4y ago | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed se… | |||
| CVE-2022-23308 | medium | — | 5.5 | 4y ago | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | |||
| CVE-2022-23218 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2022-23219 | medium | — | 5.5 | 4y ago | RHSA-2022:0896: glibc security update (Moderate) | |||
| CVE-2022-0392 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0318 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0261 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0361 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0359 | medium | — | 5.5 | 4y ago | RHSA-2022:0894: vim security update (Moderate) | |||
| CVE-2022-0358 | medium | — | 5.5 | 4y ago | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories sh… | |||
| CVE-2022-24511 | medium | 5.5 | 5.5 | 4y ago | Microsoft Office Word Tampering Vulnerability | |||
| CVE-2022-24462 | medium | 5.5 | 5.5 | 4y ago | Microsoft Word Security Feature Bypass Vulnerability | |||
| CVE-2022-21716 | medium | — | 5.5 | 4y ago | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the pe… | |||
| CVE-2022-0613 | medium | — | 5.5 | 4y ago | RHBA-2022:1386: .NET Core 3.1 on RHEL 8 bugfix update (Moderate) | |||
| CVE-2022-23634 | medium | — | 5.5 | 4y ago | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the resp… | |||
| CVE-2022-23633 | medium | — | 5.5 | 4y ago | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `Action… | |||
| CVE-2022-21712 | medium | — | 5.5 | 4y ago | twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in … | |||
| CVE-2022-22818 | medium | — | 5.5 | 4y ago | The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. | |||
| CVE-2022-23833 | medium | — | 5.5 | 4y ago | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsin… | |||
| CVE-2022-21365 | medium | — | 5.5 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21248 | medium | — | 5.5 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-23837 | medium | — | 5.5 | 4y ago | In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to… | |||
| CVE-2022-0235 | medium | — | 5.5 | 4y ago | RHSA-2023:0050: nodejs:14 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-20166 | medium | — | 5.5 | 5y ago | In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges nee… | |||
| CVE-2022-50970 | medium | 5.4 | 5.4 | 27d ago | WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can cra… | |||
| CVE-2022-46840 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help D… | |||
| CVE-2022-45841 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Robo Gallery: from n/a through 3.2.9. | |||
| CVE-2022-38055 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0… | |||
| CVE-2022-40975 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Aazztech Post Slider. This issue affects Post Slider: from n/a through 1.6.7. | |||
| CVE-2022-45851 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. | |||
| CVE-2022-45351 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45839 | medium | 5.4 | 5.4 | 3y ago | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. | |||
| CVE-2022-45804 | medium | 5.4 | 5.4 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & acti… | |||
| CVE-2022-45091 | medium | 5.4 | 5.4 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This iss… | |||
| CVE-2022-45086 | medium | 5.4 | 5.4 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issu… | |||
| CVE-2022-4554 | medium | 5.4 | 5.4 | 3y ago | B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.… | |||
| CVE-2022-44590 | medium | 5.4 | 5.4 | 4y ago | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. | |||
| CVE-2022-36404 | medium | 5.4 | 5.4 | 4y ago | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | |||
| CVE-2022-0900 | medium | 5.4 | 5.4 | 4y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before… | |||
| CVE-2022-26523 | medium | 5.3 | 5.3 | 29d ago | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service… | |||
| CVE-2022-47601 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Table Manager: from n/a through 3.5.2. | |||
| CVE-2022-47429 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data. This issue affects Coming Soon Landing Pag… | |||
| CVE-2022-47182 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects APIExperts Square for W… | |||
| CVE-2022-46846 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af… | |||
| CVE-2022-44578 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Owl Carousel: from n/a through 0.5.3. | |||
| CVE-2022-44595 | medium | 5.3 | 5.3 | 2y ago | Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass. This issue affects WP 2FA: from n/a through 2.2.0. | |||
| CVE-2022-46392 | medium | 5.3 | 5.3 | 4y ago | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attackin… | |||
| CVE-2022-21626 | medium | 5.3 | 5.3 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21618 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21540 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-21549 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-21366 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-21360 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21341 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21340 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21305 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21299 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21296 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21294 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21293 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21291 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-21283 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21282 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21277 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-40211 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1. | |||
| CVE-2022-44629 | medium | 4.8 | 4.8 | 3y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions. | |||
| CVE-2022-47436 | medium | 4.8 | 4.8 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS. This issue affects Yatra: from n/a through 2.1.14. | |||
| CVE-2022-43480 | medium | 4.8 | 4.8 | 3y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | |||
| CVE-2022-32537 | medium | 4.8 | 4.8 | 4y ago | A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components… | |||
| CVE-2022-44628 | medium | 4.8 | 4.8 | 4y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress. | |||
| CVE-2022-48816 | medium | 4.7 | 4.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: lock against ->sock changing during sysfs read ->sock can be set to NULL asynchronously unless ->recv_mutex is held. So i… | |||
| CVE-2022-41656 | medium | 4.3 | 4.3 | 10d ago | Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCom… | |||
| CVE-2022-50955 | medium | 4.3 | 4.3 | 27d ago | WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can … | |||
| CVE-2022-47176 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Depicter Slider: … | |||
| CVE-2022-47168 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in printful Printful Integration for WooCommerce printful-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This iss… | |||
| CVE-2022-46811 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Le… | |||
| CVE-2022-46807 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for Wo… | |||
| CVE-2022-43472 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eRoom – Zoom Meetings … | |||
| CVE-2022-47604 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild. This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | |||
| CVE-2022-45352 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45349 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-40702 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | |||
| CVE-2022-40219 | medium | 4.3 | 4.3 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. | |||
| CVE-2022-28880 | medium | 4.3 | 4.3 | 4y ago | A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products: while scanning fuzzed PE32-bit files, it is possible that they can crash the scanning engine. The … | |||
| CVE-2022-29071 | medium | 4.0 | 4.0 | 4y ago | This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked … | |||
| CVE-2022-45809 | low | 3.7 | 3.7 | 3y ago | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating. This issue affects Thumbs Rating: from n/a through 5.0.0. | |||
| CVE-2022-21619 | low | 3.7 | 3.7 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-39399 | low | 3.7 | 3.7 | 4y ago | RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21624 | low | 3.7 | 3.7 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-45819 | low | 3.5 | 3.5 | 2y ago | Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Maker: from n/a through 1.17.1. | |||
| CVE-2022-3358 | low | — | 3.5 | 4y ago | Low: openssl security and bug fix update | |||
| CVE-2022-24101 | low | 3.3 | 3.3 | 4y ago | Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensit… | |||
| CVE-2022-27227 | low | — | 2.5 | — | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an… | |||
| CVE-2022-29458 | low | — | 2.5 | 10mo ago | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | |||
| CVE-2022-45063 | low | — | 2.5 | 1y ago | Low: xterm security update | |||
| CVE-2022-43769 | unknown | — | 2.5 | 1y ago | Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution. | |||
| CVE-2022-43939 | unknown | — | 2.5 | 1y ago | Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization. | |||
| CVE-2022-22948 | unknown | — | 2.5 | 2y ago | VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information. | |||
| CVE-2022-48554 | low | — | 2.5 | 2y ago | File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. | |||
| CVE-2022-29303 | unknown | — | 2.5 | 3y ago | SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server. | |||