CVEs from 2022
- Total: 6,001
- critical: 88
- high: 1,239
- medium: 887
- low: 24
- % Critical: 1.5%
- % with KEV: 2.2%
- % with exploit: 2.2%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-24706 | critical | — | 10.0 | 4y ago | Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. | |
| CVE-2022-26485 | critical | — | 10.0 | 4y ago | Critical: firefox security update | |
| CVE-2022-2586 | medium | — | 7.0 | 4y ago | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | |
| CVE-2022-32893 | medium | — | 7.0 | 4y ago | Moderate: webkit2gtk3 security update | |
| CVE-2022-22620 | medium | — | 7.0 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |
| CVE-2022-24816 | unknown | — | 1.5 | 3y ago | Improper Control of Generation of Code ('Code Injection') in jai-ext | |
| CVE-2022-36537 | unknown | — | 1.5 | 4y ago | ZK Framework vulnerable to malicious POST | |
| CVE-2022-33891 | unknown | — | 1.5 | 4y ago | Apache Spark UI can allow impersonation if ACLs enabled | |
| CVE-2022-22963 | unknown | — | 1.5 | 4y ago | Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression | |
| CVE-2022-22965 | unknown | — | 1.5 | 4y ago | Remote Code Execution in Spring Framework | |
| CVE-2022-22947 | unknown | — | 1.5 | 4y ago | Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured | |