CVEs from 2022
Total
5,252
critical
critical 90
high
high 1,233
medium
medium 957
low
low 24
% Critical
1.7%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38055 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through 2.0… | |||
| CVE-2022-40975 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7. | |||
| CVE-2022-45851 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4. | |||
| CVE-2022-45351 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45839 | medium | 5.4 | 5.4 | 3y ago | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. | |||
| CVE-2022-45804 | medium | 5.4 | 5.4 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & acti… | |||
| CVE-2022-45091 | medium | 5.4 | 5.4 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This iss… | |||
| CVE-2022-45086 | medium | 5.4 | 5.4 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issu… | |||
| CVE-2022-4554 | medium | 5.4 | 5.4 | 3y ago | B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.… | |||
| CVE-2022-44590 | medium | 5.4 | 5.4 | 4y ago | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. | |||
| CVE-2022-36404 | medium | 5.4 | 5.4 | 4y ago | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions. | |||
| CVE-2022-0900 | medium | 5.4 | 5.4 | 4y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before… | |||
| CVE-2022-26523 | medium | 5.3 | 5.3 | 28d ago | The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service… | |||
| CVE-2022-47601 | medium | 5.3 | 5.3 | 1y ago | Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Table Manager: from n/a through 3.5.2. | |||
| CVE-2022-47429 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data.This issue affects Coming Soon Landing Pag… | |||
| CVE-2022-47182 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects APIExperts Square for W… | |||
| CVE-2022-46846 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… | |||
| CVE-2022-44578 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3. | |||
| CVE-2022-44595 | medium | 5.3 | 5.3 | 2y ago | Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0. | |||
| CVE-2022-21618 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21626 | medium | 5.3 | 5.3 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21549 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-21540 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-21366 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-21360 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21341 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21340 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21305 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21299 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21296 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21294 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21293 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21291 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-21283 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21282 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21277 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-40211 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1. | |||
| CVE-2022-44629 | medium | 4.8 | 4.8 | 3y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions. | |||
| CVE-2022-47436 | medium | 4.8 | 4.8 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS.This issue affects Yatra: from n/a through 2.1.14. | |||
| CVE-2022-43480 | medium | 4.8 | 4.8 | 3y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | |||
| CVE-2022-32537 | medium | 4.8 | 4.8 | 4y ago | A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components… | |||
| CVE-2022-44628 | medium | 4.8 | 4.8 | 4y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress. | |||
| CVE-2022-48816 | medium | 4.7 | 4.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: lock against ->sock changing during sysfs read ->sock can be set to NULL asynchronously unless ->recv_mutex is held. So i… | |||
| CVE-2022-41656 | medium | 4.3 | 4.3 | 9d ago | Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCom… | |||
| CVE-2022-50955 | medium | 4.3 | 4.3 | 26d ago | WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can … | |||
| CVE-2022-47176 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: … | |||
| CVE-2022-47168 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in printful Printful Integration for WooCommerce printful-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2022-46811 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Le… | |||
| CVE-2022-46807 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for Wo… | |||
| CVE-2022-43472 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom – Zoom Meetings … | |||
| CVE-2022-47604 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | |||
| CVE-2022-45352 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45349 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-40702 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | |||
| CVE-2022-40219 | medium | 4.3 | 4.3 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. | |||
| CVE-2022-28880 | medium | 4.3 | 4.3 | 4y ago | A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The … | |||
| CVE-2022-29071 | medium | 4.0 | 4.0 | 4y ago | This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked … |