CVEs from 2022
- Total: 5,250
- critical: 90
- high: 1,231
- medium: 959
- low: 24
- % Critical: 1.7%
- % with KEV: 2.5%
- % with exploit: 3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-46840 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help D… | |||
| CVE-2022-45841 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Robo Gallery: from n/a through 3.2.9. | |||
| CVE-2022-38055 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0… | |||
| CVE-2022-40975 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Aazztech Post Slider. This issue affects Post Slider: from n/a through 1.6.7. | |||
| CVE-2022-45851 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. | |||
| CVE-2022-45351 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45839 | medium | 5.4 | 5.4 | 3y ago | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. | |||
| CVE-2022-45804 | medium | 5.4 | 5.4 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & acti… | |||
| CVE-2022-45091 | medium | 5.4 | 5.4 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This iss… | |||
| CVE-2022-45086 | medium | 5.4 | 5.4 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issu… | |||
| CVE-2022-4554 | medium | 5.4 | 5.4 | 3y ago | B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.… | |||
| CVE-2022-44590 | medium | 5.4 | 5.4 | 4y ago | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. | |||
| CVE-2022-36404 | medium | 5.4 | 5.4 | 4y ago | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | |||
| CVE-2022-0900 | medium | 5.4 | 5.4 | 4y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before… | |||
| CVE-2022-26523 | medium | 5.3 | 5.3 | 29d ago | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service… | |||
| CVE-2022-47601 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Table Manager: from n/a through 3.5.2. | |||
| CVE-2022-47429 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data. This issue affects Coming Soon Landing Pag… | |||
| CVE-2022-47182 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects APIExperts Square for W… | |||
| CVE-2022-46846 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue af… | |||
| CVE-2022-44578 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Owl Carousel: from n/a through 0.5.3. | |||
| CVE-2022-44595 | medium | 5.3 | 5.3 | 2y ago | Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass. This issue affects WP 2FA: from n/a through 2.2.0. | |||
| CVE-2022-21626 | medium | 5.3 | 5.3 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21618 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21540 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-21549 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-21366 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-21360 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21341 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21340 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21305 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21299 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21296 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21294 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21293 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21291 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-21283 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21282 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21277 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-40211 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS. This issue affects GiveWP: from n/a through 2.25.1. | |||
| CVE-2022-44629 | medium | 4.8 | 4.8 | 3y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions. | |||
| CVE-2022-47436 | medium | 4.8 | 4.8 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS. This issue affects Yatra: from n/a through 2.1.14. | |||
| CVE-2022-43480 | medium | 4.8 | 4.8 | 3y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | |||
| CVE-2022-32537 | medium | 4.8 | 4.8 | 4y ago | A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components… | |||
| CVE-2022-44628 | medium | 4.8 | 4.8 | 4y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress. | |||
| CVE-2022-48816 | medium | 4.7 | 4.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: lock against ->sock changing during sysfs read. ->sock can be set to NULL asynchronously unless ->recv_mutex is held. So i… | |||
| CVE-2022-41656 | medium | 4.3 | 4.3 | 9d ago | Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCom… | |||
| CVE-2022-50955 | medium | 4.3 | 4.3 | 26d ago | WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can … | |||
| CVE-2022-47176 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Depicter Slider: … | |||
| CVE-2022-47168 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in printful Printful Integration for WooCommerce printful-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This iss… | |||
| CVE-2022-46811 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Le… | |||
| CVE-2022-46807 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for Wo… | |||
| CVE-2022-43472 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eRoom – Zoom Meetings … | |||
| CVE-2022-47604 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild. This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | |||
| CVE-2022-45352 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45349 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-40702 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | |||
| CVE-2022-40219 | medium | 4.3 | 4.3 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. | |||
| CVE-2022-28880 | medium | 4.3 | 4.3 | 4y ago | A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products: while scanning fuzzed PE32-bit files, it is possible that such files can crash the scanning engine. The … | |||
| CVE-2022-29071 | medium | 4.0 | 4.0 | 4y ago | This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked … | |||
| CVE-2022-45809 | low | 3.7 | 3.7 | 3y ago | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating. This issue affects Thumbs Rating: from n/a through 5.0.0. | |||
| CVE-2022-39399 | low | 3.7 | 3.7 | 4y ago | RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21624 | low | 3.7 | 3.7 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21619 | low | 3.7 | 3.7 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-45819 | low | 3.5 | 3.5 | 2y ago | Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup Maker: from n/a through 1.17.1. | |||
| CVE-2022-3358 | low | — | 3.5 | 4y ago | Low: openssl security and bug fix update | |||
| CVE-2022-24101 | low | 3.3 | 3.3 | 4y ago | Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensit… | |||
| CVE-2022-27227 | low | — | 2.5 | — | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an… | |||
| CVE-2022-29458 | low | — | 2.5 | 10mo ago | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | |||
| CVE-2022-45063 | low | — | 2.5 | 1y ago | Low: xterm security update | |||
| CVE-2022-43939 | unknown | — | 2.5 | 1y ago | Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization. | |||
| CVE-2022-43769 | unknown | — | 2.5 | 1y ago | Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution. | |||
| CVE-2022-22948 | unknown | — | 2.5 | 2y ago | VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information. | |||
| CVE-2022-48554 | low | — | 2.5 | 2y ago | File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. | |||
| CVE-2022-29303 | unknown | — | 2.5 | 3y ago | SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server. | |||
| CVE-2022-28805 | low | — | 2.5 | 3y ago | Low: lua security update | |||
| CVE-2022-1615 | low | — | 2.5 | 3y ago | RHSA-2023:2987: samba security, bug fix, and enhancement update (Low) | |||
| CVE-2022-43552 | low | — | 2.5 | 3y ago | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operat… | |||
| CVE-2022-36227 | low | — | 2.5 | 3y ago | RHSA-2023:3018: libarchive security update (Low) | |||
| CVE-2022-35252 | low | — | 2.5 | 3y ago | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. … | |||
| CVE-2022-41862 | low | — | 2.5 | 3y ago | RHSA-2023:7016: libpq security update (Low) | |||
| CVE-2022-35914 | unknown | — | 2.5 | 3y ago | Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed. | |||
| CVE-2022-28810 | unknown | — | 2.5 | 3y ago | Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset. | |||
| CVE-2022-47986 | unknown | — | 2.5 | 3y ago | IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. | |||
| CVE-2022-46169 | unknown | — | 2.5 | 3y ago | Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code. | |||
| CVE-2022-24990 | unknown | — | 2.5 | 3y ago | TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint. | |||
| CVE-2022-21587 | unknown | — | 2.5 | 3y ago | Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. | |||
| CVE-2022-47966 | unknown | — | 2.5 | 3y ago | Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario. | |||
| CVE-2022-44877 | unknown | — | 2.5 | 3y ago | CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter. | |||
| CVE-2022-2990 | low | — | 2.5 | 4y ago | RHSA-2022:7822: container-tools:rhel8 security, bug fix, and enhancement update (Low) | |||
| CVE-2022-24735 | low | — | 2.5 | 4y ago | RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low) | |||
| CVE-2022-2211 | low | — | 2.5 | 4y ago | RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low) | |||
| CVE-2022-0897 | low | — | 2.5 | 4y ago | RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low) | |||
| CVE-2022-23645 | low | — | 2.5 | 4y ago | RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low) | |||
| CVE-2022-24736 | low | — | 2.5 | 4y ago | RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low) | |||
| CVE-2022-1122 | low | — | 2.5 | 4y ago | RHSA-2022:7645: openjpeg2 security update (Low) | |||
| CVE-2022-41352 | unknown | — | 2.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts. | |||
| CVE-2022-40684 | unknown | — | 2.5 | 4y ago | Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface … | |||
| CVE-2022-41082 | unknown | — | 2.5 | 4y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which … | |||
| CVE-2022-41040 | unknown | — | 2.5 | 4y ago | Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution. | |||
| CVE-2022-36804 | unknown | — | 2.5 | 4y ago | Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions… |