CVEs from 2022
- Total: 8,277
- Critical: 88
- High: 1,240
- Medium: 887
- Low: 23
- % Critical: 1.1%
- % with KEV: 1.6%
- % with exploit: 1.6%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-24706 | critical | — | 10.0 | 4y ago | Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. | |
| CVE-2022-26485 | critical | — | 10.0 | 4y ago | Critical: firefox security update | |
| CVE-2022-50993 | critical | 9.8 | 9.8 | 27d ago | Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicio… | |
| CVE-2022-45806 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Formidable Forms: from … | |
| CVE-2022-45832 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Hennessey Digital Attorney. This issue affects Attorney: from n/a through 3. | |
| CVE-2022-38057 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1. | |
| CVE-2022-40700 | critical | 9.8 | 9.8 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWal… | |
| CVE-2022-41786 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1. | |
| CVE-2022-36418 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through 2.0.0. | |
| CVE-2022-46839 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/… | |
| CVE-2022-45377 | critical | 9.8 | 9.8 | 3y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. This issue affects Drag and Drop Multiple File Upload for WooCo… | |
| CVE-2022-46809 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce. This issue affects ReviewX – Multi-criteria Rating & R… | |
| CVE-2022-46803 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin. This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1… | |
| CVE-2022-46801 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/a through 6.2.0. | |
| CVE-2022-45810 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce. This issue affects Icegram… | |
| CVE-2022-45370 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | |
| CVE-2022-45360 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails. This issue affects Commenter Emails: from n/a through 2.6.1. | |
| CVE-2022-46802 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: fr… | |
| CVE-2022-45357 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application. This issue affects 1003 Mortgage Application: from n/a through 1.75. | |
| CVE-2022-47432 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection. This issue affects Shortcode IMDB:… | |
| CVE-2022-47430 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection. This issue … | |
| CVE-2022-47428 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection. This issue affects Boo… | |
| CVE-2022-47420 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection. This issue affects Accessibilit… | |
| CVE-2022-46860 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection. This issue affects Short URL: from n/a through 1.6.4. | |
| CVE-2022-46849 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection. This i… | |
| CVE-2022-45373 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection. This issue affects Slimstat Anal… | |
| CVE-2022-46818 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection. This issue affects Email posts to s… | |
| CVE-2022-47445 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Comp… | |
| CVE-2022-47426 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection. This issue affects Neshan Maps:… | |
| CVE-2022-46859 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection. This issue affects Spiffy Cal… | |
| CVE-2022-46808 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember:… | |
| CVE-2022-45805 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection. This issue affects Paytm Payment … | |
| CVE-2022-47588 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection… | |
| CVE-2022-3760 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58. | |
| CVE-2022-2504 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection. This issue affects SDD-Baro: before 2.8.432. | |
| CVE-2022-4557 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Sm… | |
| CVE-2022-45088 | critical | 9.8 | 9.8 | 3y ago | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion. This issue affects Smartpower Web: before 23.01.01. | |
| CVE-2022-4422 | critical | 9.8 | 9.8 | 3y ago | Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthenticated SQL Injection vulnerability. This has been fixed in version 3.0. | |
| CVE-2022-3792 | critical | 9.8 | 9.8 | 3y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection. This issue affects GullsEye te… | |
| CVE-2022-44588 | critical | 9.8 | 9.8 | 4y ago | Unauth. SQL Injection vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress. | |
| CVE-2022-4364 | critical | 9.8 | 9.8 | 4y ago | A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation … | |
| CVE-2022-2807 | critical | 9.8 | 9.8 | 4y ago | SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11. | |
| CVE-2022-45047 | critical | 9.8 | 9.8 | 4y ago | Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of sever… | |
| CVE-2022-32224 | critical | 9.8 | 9.8 | 4y ago | Active Record RCE bug with Serialized Columns | |
| CVE-2022-34835 | critical | 9.8 | 9.8 | 4y ago | In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md … | |
| CVE-2022-0664 | critical | 9.8 | 9.8 | 4y ago | Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker | |
| CVE-2022-23305 | critical | 9.8 | 9.8 | 4y ago | Important: parfait:0.5 security update | |
| CVE-2022-1867 | critical | — | 9.5 | — | Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. | |
| CVE-2022-1862 | critical | — | 9.5 | — | Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a craft… | |
| CVE-2022-1856 | critical | — | 9.5 | — | Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… | |
| CVE-2022-1875 | critical | — | 9.5 | — | Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2022-1858 | critical | — | 9.5 | — | Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. | |
| CVE-2022-1859 | critical | — | 9.5 | — | Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corrupt… | |
| CVE-2022-1864 | critical | — | 9.5 | — | Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafte… | |
| CVE-2022-1855 | critical | — | 9.5 | — | Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-42719 | critical | — | 9.5 | — | A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the ke… | |
| CVE-2022-1870 | critical | — | 9.5 | — | Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Ch… | |
| CVE-2022-28209 | critical | — | 9.5 | — | unknown in mediawiki | |
| CVE-2022-1854 | critical | — | 9.5 | — | Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-0336 | critical | — | 9.5 | — | The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypa… | |
| CVE-2022-1868 | critical | — | 9.5 | — | Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via … | |
| CVE-2022-28205 | critical | — | 9.5 | — | unknown in mediawiki | |
| CVE-2022-29155 | critical | — | 9.5 | — | In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur duri… | |
| CVE-2022-28206 | critical | — | 9.5 | — | unknown in mediawiki | |
| CVE-2022-24883 | critical | — | 9.5 | — | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the serve… | |
| CVE-2022-24882 | critical | — | 9.5 | — | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty passwor… | |
| CVE-2022-1860 | critical | — | 9.5 | — | Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap… | |
| CVE-2022-1863 | critical | — | 9.5 | — | Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chr… | |
| CVE-2022-1872 | critical | — | 9.5 | — | Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a cr… | |
| CVE-2022-1873 | critical | — | 9.5 | — | Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2022-1874 | critical | — | 9.5 | — | Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. | |
| CVE-2022-1869 | critical | — | 9.5 | — | Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-1857 | critical | — | 9.5 | — | Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. | |
| CVE-2022-1865 | critical | — | 9.5 | — | Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chro… | |
| CVE-2022-1853 | critical | — | 9.5 | — | Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2022-1871 | critical | — | 9.5 | — | Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a… | |
| CVE-2022-1866 | critical | — | 9.5 | — | Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap c… | |
| CVE-2022-1861 | critical | — | 9.5 | — | Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corrup… | |
| CVE-2022-1876 | critical | — | 9.5 | — | Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted… | |
| CVE-2022-0185 | high | — | 9.5 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2022-48503 | high | — | 9.5 | 3y ago | Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be… | |
| CVE-2022-42856 | high | — | 9.5 | 3y ago | Important: webkit2gtk3 security update | |
| CVE-2022-1802 | critical | — | 9.5 | 4y ago | Critical: firefox security update | |
| CVE-2022-1529 | critical | — | 9.5 | 4y ago | Critical: thunderbird security update | |
| CVE-2022-0847 | high | — | 9.5 | 4y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2022-24783 | critical | — | 9.5 | 4y ago | Sandbox bypass leading to arbitrary code execution in Deno | |
| CVE-2022-1096 | high | — | 9.5 | 4y ago | Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multipl… | |
| CVE-2022-26486 | high | — | 9.5 | 4y ago | Important: thunderbird security update | |
| CVE-2022-0495 | critical | 9.4 | 9.4 | 4y ago | The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. | |
| CVE-2022-2315 | critical | 9.4 | 9.4 | 4y ago | Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |
| CVE-2022-2177 | critical | 9.4 | 9.4 | 4y ago | Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | |
| CVE-2022-1277 | critical | 9.4 | 9.4 | 4y ago | Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | |
| CVE-2022-46838 | critical | 9.1 | 9.1 | 2y ago | Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help D… | |
| CVE-2022-39269 | critical | 9.1 | 9.1 | 4y ago | PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SR… | |
| CVE-2022-50944 | high | 8.8 | 8.8 | 17d ago | Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can up… | |
| CVE-2022-45356 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | |
| CVE-2022-45845 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3. This issue affects Smart Slider 3: from n/a through 3.5.1.9. | |
| CVE-2022-42884 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in ThemeinProgress WIP Custom Login. This issue affects WIP Custom Login: from n/a through 1.2.7. | |
| CVE-2022-41790 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. | |
| CVE-2022-41990 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS. This issue affects 3D Tag Cloud: from n/a through 3.8. | |