CVEs from 2022
Total
6,002
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-40203 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. | |
| CVE-2022-36352 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities… | |
| CVE-2022-34344 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Who… | |
| CVE-2022-47181 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affec… | |
| CVE-2022-44738 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3. | |
| CVE-2022-42882 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | |
| CVE-2022-41616 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | |
| CVE-2022-38702 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | |
| CVE-2022-46821 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a thro… | |
| CVE-2022-46804 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3. | |
| CVE-2022-45348 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users.This issue affects amr users: from n/a through 4.59.4. | |
| CVE-2022-47442 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | |
| CVE-2022-45350 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit t… | |
| CVE-2022-34155 | high | 8.8 | 8.8 | 3y ago | Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/… | |
| CVE-2022-46857 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. | |
| CVE-2022-47177 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions. | |
| CVE-2022-47165 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions. | |
| CVE-2022-47149 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions. | |
| CVE-2022-47164 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions. | |
| CVE-2022-47180 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions. | |
| CVE-2022-46794 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions. | |
| CVE-2022-45079 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | |
| CVE-2022-38074 | high | 8.8 | 8.8 | 3y ago | SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. | |
| CVE-2022-45068 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. | |
| CVE-2022-45090 | high | 8.8 | 8.8 | 3y ago | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |
| CVE-2022-45089 | high | 8.8 | 8.8 | 3y ago | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |
| CVE-2022-46842 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. | |
| CVE-2022-46815 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. | |
| CVE-2022-45807 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. | |
| CVE-2022-45067 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | |
| CVE-2022-40692 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | |
| CVE-2022-42699 | high | 8.8 | 8.8 | 4y ago | Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | |
| CVE-2022-2808 | high | 8.8 | 8.8 | 4y ago | Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Informa… | |
| CVE-2022-44737 | high | 8.8 | 8.8 | 4y ago | Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | |
| CVE-2022-41685 | high | 8.8 | 8.8 | 4y ago | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <=… | |
| CVE-2022-41791 | high | 8.8 | 8.8 | 4y ago | Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | |
| CVE-2022-41106 | high | 8.8 | 8.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |
| CVE-2022-38079 | high | 8.8 | 8.8 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. | |
| CVE-2022-36110 | high | 8.8 | 8.8 | 4y ago | Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker | |
| CVE-2022-23650 | high | 8.8 | 8.8 | 4y ago | Use of Hard-coded Cryptographic Key in Netmaker | |
| CVE-2022-23307 | high | 8.8 | 8.8 | 4y ago | Deserialization of Untrusted Data in Apache Log4j | |
| CVE-2022-23302 | high | 8.8 | 8.8 | 4y ago | Deserialization of Untrusted Data in Log4j 1.x | |
| CVE-2022-21840 | high | 8.8 | 8.8 | 4y ago | Microsoft Office Remote Code Execution Vulnerability | |
| CVE-2022-47151 | high | 8.6 | 8.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Bes… | |
| CVE-2022-2601 | high | 8.6 | 8.6 | 4y ago | Moderate: grub2 security update | |
| CVE-2022-24036 | high | 8.6 | 8.6 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. | |
| CVE-2022-24037 | high | 8.2 | 8.2 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | |
| CVE-2022-50994 | high | 8.1 | 8.1 | 20d ago | DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands… | |
| CVE-2022-46850 | high | 8.1 | 8.1 | 3y ago | Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. | |
| CVE-2022-45353 | high | 8.1 | 8.1 | 3y ago | Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | |
| CVE-2022-45829 | high | 8.1 | 8.1 | 4y ago | Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. | |
| CVE-2022-22576 | high | 8.1 | 8.1 | 4y ago | Moderate: curl security update | |
| CVE-2022-26981 | high | — | 8.0 | — | Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). | |
| CVE-2022-42329 | high | — | 8.0 | — | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-… | |
| CVE-2022-0667 | high | — | 8.0 | — | When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | |
| CVE-2022-20771 | high | — | 8.0 | — | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiV… | |
| CVE-2022-1639 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-20796 | high | — | 8.0 | — | On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.10… | |
| CVE-2022-1641 | high | — | 8.0 | — | Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit h… | |
| CVE-2022-1124 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-3874 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2022-1183 | high | — | 8.0 | — | On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-… | |
| CVE-2022-1426 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-1416 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-1919 | high | — | 8.0 | — | Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-1417 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-2978 | high | — | 8.0 | — | A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user co… | |
| CVE-2022-29582 | high | — | 8.0 | — | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; howe… | |
| CVE-2022-41849 | high | — | 8.0 | — | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a… | |
| CVE-2022-40307 | high | — | 8.0 | — | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | |
| CVE-2022-3977 | high | — | 8.0 | — | A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close hap… | |
| CVE-2022-3586 | high | — | 8.0 | — | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (… | |
| CVE-2022-39842 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer over… | |
| CVE-2022-40768 | high | — | 8.0 | — | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | |
| CVE-2022-3910 | high | — | 8.0 | — | Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring wa… | |
| CVE-2022-1352 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-1406 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-3544 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulat… | |
| CVE-2022-41850 | high | — | 8.0 | — | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a … | |
| CVE-2022-34494 | high | — | 8.0 | — | rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |
| CVE-2022-34495 | high | — | 8.0 | — | rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |
| CVE-2022-28389 | high | — | 8.0 | — | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | |
| CVE-2022-29915 | high | — | 8.0 | — | The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100. | |
| CVE-2022-1460 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-30294 | high | — | 8.0 | — | arbitrary code execution in wpewebkit | |
| CVE-2022-31748 | high | — | 8.0 | — | Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of… | |
| CVE-2022-1423 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-31745 | high | — | 8.0 | — | If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. | |
| CVE-2022-3541 | high | — | 8.0 | — | A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component… | |
| CVE-2022-0635 | high | — | 8.0 | — | Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | |
| CVE-2022-3534 | high | — | 8.0 | — | A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads… | |
| CVE-2022-3543 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the comp… | |
| CVE-2022-1637 | high | — | 8.0 | — | Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2022-1195 | high | — | 8.0 | — | A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixp… | |
| CVE-2022-3606 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipula… | |
| CVE-2022-20770 | high | — | 8.0 | — | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus … | |
| CVE-2022-0843 | high | — | 8.0 | — | Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that w… | |
| CVE-2022-26385 | high | — | 8.0 | — | In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability af… | |
| CVE-2022-1015 | high | — | 8.0 | — | A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. | |
| CVE-2022-1640 | high | — | 8.0 | — | Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a cra… |