CVEs from 2022

5,236 normalized CVEs published or assigned in 2022.

Total: 5,236
Critical: 92
High: 1,236
Medium: 953
Low: 24
% Critical: 1.8% (92 of 5,236)
% with KEV: 2.5%
% with exploit: 3.4%

The four severity buckets account for 2,305 entries; the remaining 2,931 have no severity bucket and appear in the listing below as "unknown". The critical share is computed against the full total, not against the scored entries only.

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE  Severity  Published  Description
CVE-2022-1245 unknown 4y ago Keycloak vulnerable to privilege escalation on Token Exchange feature
CVE-2022-29546 unknown 4y ago OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
CVE-2022-28820 unknown 4y ago Page Compare Reflected Cross-site Scripting (XSS) vulnerability
CVE-2022-26596 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via web content template names
CVE-2022-26597 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via the site name
CVE-2022-29577 unknown 4y ago Cross-site Scripting in OWASP AntiSamy
CVE-2022-28366 unknown 4y ago Denial of service in HtmlUnit-Neko
CVE-2022-28367 unknown 4y ago Cross-site Scripting in OWASP AntiSamy
CVE-2022-27340 unknown 4y ago Cross Site Request Forgery in Mingsoft MCMS
CVE-2022-24847 unknown 4y ago Improper Input Validation in GeoServer
CVE-2022-24828 unknown 4y ago Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control …
CVE-2022-0272 unknown 4y ago XML External Entity Reference in detekt
CVE-2022-22969 unknown 4y ago Denial of service in Spring Security OAuth2
CVE-2022-26593 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category
CVE-2022-26595 unknown 4y ago Liferay Portal and Liferay DXP fails to check permissions to view sites/groups
CVE-2022-28108 unknown 4y ago Selenium Server (Grid) CSRF
CVE-2022-26594 unknown 4y ago Liferay Portal and Liferay DXP allows arbitrary injection via form field
CVE-2022-22968 unknown 4y ago Improper handling of case sensitivity in Spring Framework
CVE-2022-29039 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
CVE-2022-29036 unknown 4y ago Cross-site Scripting in Jenkins Credentials Plugin
CVE-2022-29038 unknown 4y ago Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
CVE-2022-29037 unknown 4y ago Stored XSS in Jenkins CVS Plugin
CVE-2022-29041 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin
CVE-2022-29040 unknown 4y ago Stored XSS vulnerability in Jenkins Git Parameter Plugin
CVE-2022-29042 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Job Generator Plugin
CVE-2022-29046 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin
CVE-2022-29043 unknown 4y ago Stored Cross-site Scripting in Jenkins Mask Passwords Plugin
CVE-2022-29047 unknown 4y ago Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
CVE-2022-29045 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
CVE-2022-29051 unknown 4y ago Missing permission checks in Jenkins Publish Over FTP Plugin
CVE-2022-29048 unknown 4y ago CSRF vulnerability in Jenkins Subversion Plugin
CVE-2022-29050 unknown 4y ago CSRF vulnerability in Jenkins Publish Over FTP Plugin
CVE-2022-29049 unknown 4y ago Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
CVE-2022-29044 unknown 4y ago Stored Cross-site Scripting in Jenkins Node and Label parameter Plugin
CVE-2022-29052 unknown 4y ago Private key stored in plain text by Jenkins Google Compute Engine Plugin
CVE-2022-24839 unknown 4y ago org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
CVE-2022-23437 unknown 4y ago Infinite Loop in Apache Xerces Java
CVE-2022-24827 unknown 4y ago SQL Injection in elide-datastore-aggregation
CVE-2022-24820 unknown 4y ago Unauthenticated user can list hidden document from multiple velocity templates in XWiki
CVE-2022-24821 unknown 4y ago Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
CVE-2022-24819 unknown 4y ago Unauthenticated user can retrieve the list of users through uorgsuggest.vm
CVE-2022-26612 unknown 4y ago Path traversal in Hadoop
CVE-2022-26585 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-23974 unknown 4y ago Logic error in Apache Pinot
CVE-2022-22950 unknown 4y ago Allocation of Resources Without Limits or Throttling in Spring Framework
CVE-2022-25598 unknown 4y ago Uncontrolled Resource Consumption in Apache DolphinScheduler
CVE-2022-23059 unknown 4y ago Cross site scripting in Shopizer
CVE-2022-27820 unknown 4y ago Improper Certificate Validation in OWASP ZAP
CVE-2022-24775 unknown 4y ago guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values…
CVE-2022-27200 unknown 4y ago Duplicate Advisory: Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin
CVE-2022-27196 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin
CVE-2022-27197 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Dashboard View Plugin
CVE-2022-27195 unknown 4y ago Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
CVE-2022-27201 unknown 4y ago Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
CVE-2022-27203 unknown 4y ago Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin
CVE-2022-27204 unknown 4y ago CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
CVE-2022-27198 unknown 4y ago CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
CVE-2022-27199 unknown 4y ago Missing permission checks in AWS Credentials Plugin
CVE-2022-27202 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin
CVE-2022-27206 unknown 4y ago Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
CVE-2022-27216 unknown 4y ago Passwords stored in plain text by Jenkins dbCharts Plugin
CVE-2022-27214 unknown 4y ago CSRF vulnerability in Jenkins Release Helper Plugin
CVE-2022-27217 unknown 4y ago Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
CVE-2022-27207 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin
CVE-2022-27212 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin
CVE-2022-27205 unknown 4y ago CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
CVE-2022-27210 unknown 4y ago CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
CVE-2022-27208 unknown 4y ago Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin
CVE-2022-27213 unknown 4y ago Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
CVE-2022-27215 unknown 4y ago Missing permission checks in Jenkins Release Helper Plugin
CVE-2022-27211 unknown 4y ago CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
CVE-2022-27218 unknown 4y ago Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
CVE-2022-24721 unknown 4y ago Improper Authorization in org.cometd.oort
CVE-2022-26520 unknown 4y ago Path traversal in org.postgresql:postgresql
CVE-2022-26652 unknown 4y ago NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
CVE-2022-25312 unknown 4y ago Improper Restriction of XML External Entity Reference in Any23
CVE-2022-0839 unknown 4y ago Improper Restriction of XML External Entity Reference in Liquibase
CVE-2022-26336 unknown 4y ago Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
CVE-2022-25146 unknown 4y ago Liferay Portal and Liferay DXP fails to check origin of event messages
CVE-2022-23899 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-23898 unknown 4y ago SQL injection in net.mingsoft:ms-mcms
CVE-2022-0265 unknown 4y ago XML External Entity Reference in Hazelcast
CVE-2022-23708 unknown 4y ago Elasticsearch privilege escalation
CVE-2022-23640 unknown 4y ago Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
CVE-2022-24947 unknown 4y ago Cross Site Request Forgery in Apache JSPWiki
CVE-2022-24948 unknown 4y ago Cross-site Scripting in Apache JSPWiki
CVE-2022-24329 unknown 4y ago Improper Locking in JetBrains Kotlin
CVE-2022-24613 unknown 4y ago Improper Handling of Exceptional Conditions in metadata-extractor
CVE-2022-24614 unknown 4y ago Allocation of Resources Without Limits or Throttling in metadata-extractor
CVE-2022-24615 unknown 4y ago Uncaught Exception in zip4j
CVE-2022-23649 unknown 4y ago Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exis…
CVE-2022-23848 unknown 4y ago Command injection in Alluxio
CVE-2022-0671 unknown 4y ago Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
CVE-2022-0672 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in LemMinX
CVE-2022-0673 unknown 4y ago Path Traversal in LemMinX
CVE-2022-22885 unknown 4y ago Improper Certificate Validation in Hutool
CVE-2022-22880 unknown 4y ago SQL Injection in Jeecg-boot
CVE-2022-22881 unknown 4y ago SQL Injection in Jeecg-boot
CVE-2022-25173 unknown 4y ago Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
CVE-2022-25175 unknown 4y ago Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
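The rows above all carry the severity "unknown", which is why the severity buckets in the summary do not add up to the total: the share of critical entries differs depending on whether unscored rows are in the denominator. The following added example (not part of this page or its data source) parses rows in the listing's own "CVE-ID severity Ny ago description" form, tallies the buckets including "unknown", and reports the critical share against both denominators. The two "unknown" sample rows are copied from the listing; the scored sample rows use placeholder IDs with a leading zero in a six-digit sequence number, which CVE never assigns, so they cannot be mistaken for real records.

```python
import re
from collections import Counter

# Row shape used by the listing on this page:
# "<CVE-ID> <severity> <N>y ago <description>"
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<severity>critical|high|medium|low|unknown)\s+"
    r"(?P<age>\d+)y ago\s+"
    r"(?P<desc>.*)$"
)

SEVERITIES = ("critical", "high", "medium", "low", "unknown")


def parse_row(line):
    """Return a dict for one listing row, or None if the line is not a row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["age"] = int(row["age"])
    return row


def summarize(lines):
    """Tally severities and give the critical share against both denominators.

    'pct_critical_of_total' matches how the page computes '% Critical';
    'pct_critical_of_scored' excludes rows with no severity bucket.
    """
    counts = Counter()
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue  # header lines, widget residue, blank lines
        counts[row["severity"]] += 1
    total = sum(counts.values())
    scored = total - counts["unknown"]
    return {
        "total": total,
        "counts": {s: counts[s] for s in SEVERITIES},
        "pct_critical_of_total": round(100.0 * counts["critical"] / total, 1) if total else 0.0,
        "pct_critical_of_scored": round(100.0 * counts["critical"] / scored, 1) if scored else 0.0,
    }


# Constructed sample input. The first two rows are real rows from the listing;
# the remaining IDs are placeholders (six-digit sequence with a leading zero,
# never assigned by CVE) with made-up severities for illustration only.
SAMPLE_ROWS = [
    "CVE-2022-1245 unknown 4y ago Keycloak vulnerable to privilege escalation on Token Exchange feature",
    "CVE-2022-28366 unknown 4y ago Denial of service in HtmlUnit-Neko",
    "CVE-2022-000001 critical 4y ago placeholder row, critical bucket",
    "CVE-2022-000002 high 4y ago placeholder row, high bucket",
    "CVE-2022-000003 medium 4y ago placeholder row, medium bucket",
    "CVE  Severity  Published  Description",  # header, skipped by the parser
]

if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS))
```

Feed the function the raw table lines of a listing page and compare the two percentages; a large gap between them means the feed's severity coverage is low and the headline "% Critical" understates the share among the CVEs that were actually scored.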