CVEs from 2022
Total
8,004
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.1%
% with KEV
1.6%
% with exploit
1.6%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-40203 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. | |
| CVE-2022-36352 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities… | |
| CVE-2022-34344 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Who… | |
| CVE-2022-47181 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affec… | |
| CVE-2022-44738 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3. | |
| CVE-2022-42882 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | |
| CVE-2022-41616 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | |
| CVE-2022-38702 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | |
| CVE-2022-46821 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a thro… | |
| CVE-2022-46804 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3. | |
| CVE-2022-45348 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users.This issue affects amr users: from n/a through 4.59.4. | |
| CVE-2022-47442 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | |
| CVE-2022-45350 | high | 8.8 | 8.8 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit t… | |
| CVE-2022-34155 | high | 8.8 | 8.8 | 3y ago | Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/… | |
| CVE-2022-46857 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. | |
| CVE-2022-47177 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions. | |
| CVE-2022-47165 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions. | |
| CVE-2022-47149 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions. | |
| CVE-2022-47164 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions. | |
| CVE-2022-47180 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions. | |
| CVE-2022-46794 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions. | |
| CVE-2022-45079 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | |
| CVE-2022-38074 | high | 8.8 | 8.8 | 3y ago | SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. | |
| CVE-2022-45068 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. | |
| CVE-2022-45090 | high | 8.8 | 8.8 | 3y ago | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |
| CVE-2022-45089 | high | 8.8 | 8.8 | 3y ago | Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |
| CVE-2022-46842 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. | |
| CVE-2022-46815 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. | |
| CVE-2022-45807 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. | |
| CVE-2022-45067 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | |
| CVE-2022-40692 | high | 8.8 | 8.8 | 3y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | |
| CVE-2022-42699 | high | 8.8 | 8.8 | 4y ago | Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | |
| CVE-2022-2808 | high | 8.8 | 8.8 | 4y ago | Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection. This issue affects Prens Student Informa… | |
| CVE-2022-44737 | high | 8.8 | 8.8 | 4y ago | Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. | |
| CVE-2022-41685 | high | 8.8 | 8.8 | 4y ago | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce plugin <= 5.6.3.2 and Csomagpontok és szállítási címkék WooCommerce-hez plugin <=… | |
| CVE-2022-41791 | high | 8.8 | 8.8 | 4y ago | Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | |
| CVE-2022-41106 | high | 8.8 | 8.8 | 4y ago | Microsoft Excel Remote Code Execution Vulnerability | |
| CVE-2022-38079 | high | 8.8 | 8.8 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugin <= 1.5.13 at WordPress. | |
| CVE-2022-36110 | high | 8.8 | 8.8 | 4y ago | Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker | |
| CVE-2022-23650 | high | 8.8 | 8.8 | 4y ago | Use of Hard-coded Cryptographic Key in Netmaker | |
| CVE-2022-23307 | high | 8.8 | 8.8 | 4y ago | Important: parfait:0.5 security update | |
| CVE-2022-23302 | high | 8.8 | 8.8 | 4y ago | Important: parfait:0.5 security update | |
| CVE-2022-21840 | high | 8.8 | 8.8 | 4y ago | Microsoft Office Remote Code Execution Vulnerability | |
| CVE-2022-47151 | high | 8.6 | 8.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Bes… | |
| CVE-2022-2601 | high | 8.6 | 8.6 | 4y ago | Moderate: grub2 security update | |
| CVE-2022-24036 | high | 8.6 | 8.6 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. | |
| CVE-2022-24037 | high | 8.2 | 8.2 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information. | |
| CVE-2022-50994 | high | 8.1 | 8.1 | 20d ago | DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands… | |
| CVE-2022-46850 | high | 8.1 | 8.1 | 3y ago | Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions. | |
| CVE-2022-45353 | high | 8.1 | 8.1 | 3y ago | Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | |
| CVE-2022-45829 | high | 8.1 | 8.1 | 4y ago | Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. | |
| CVE-2022-22576 | high | 8.1 | 8.1 | 4y ago | Moderate: curl security update | |
| CVE-2022-32278 | high | — | 8.0 | — | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | |
| CVE-2022-1198 | high | — | 8.0 | — | A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. | |
| CVE-2022-1416 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-3643 | high | — | 8.0 | — | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of pac… | |
| CVE-2022-47941 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak. | |
| CVE-2022-1195 | high | — | 8.0 | — | A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixp… | |
| CVE-2022-20803 | high | — | 8.0 | — | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affect… | |
| CVE-2022-31745 | high | — | 8.0 | — | If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101. | |
| CVE-2022-3646 | high | — | 8.0 | — | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The… | |
| CVE-2022-31783 | high | — | 8.0 | — | Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | |
| CVE-2022-34495 | high | — | 8.0 | — | rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |
| CVE-2022-28389 | high | — | 8.0 | — | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | |
| CVE-2022-32744 | high | — | 8.0 | — | A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabl… | |
| CVE-2022-3606 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipula… | |
| CVE-2022-1199 | high | — | 8.0 | — | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-aft… | |
| CVE-2022-47942 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed S… | |
| CVE-2022-47943 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. | |
| CVE-2022-32745 | high | — | 8.0 | — | A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | |
| CVE-2022-1516 | high | — | 8.0 | — | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and… | |
| CVE-2022-3910 | high | — | 8.0 | — | Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring wa… | |
| CVE-2022-1204 | high | — | 8.0 | — | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | |
| CVE-2022-47946 | high | — | 8.0 | — | An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. fini… | |
| CVE-2022-1426 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-3649 | high | — | 8.0 | — | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads t… | |
| CVE-2022-40768 | high | — | 8.0 | — | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | |
| CVE-2022-1423 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2022-3061 | high | — | 8.0 | — | Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a di… | |
| CVE-2022-3874 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2022-41850 | high | — | 8.0 | — | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a … | |
| CVE-2022-1160 | high | — | 8.0 | — | heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. | |
| CVE-2022-1641 | high | — | 8.0 | — | Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit h… | |
| CVE-2022-1639 | high | — | 8.0 | — | Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-1015 | high | — | 8.0 | — | A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. | |
| CVE-2022-3303 | high | — | 8.0 | — | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local u… | |
| CVE-2022-3636 | high | — | 8.0 | — | A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethern… | |
| CVE-2022-1205 | high | — | 8.0 | — | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the sys… | |
| CVE-2022-20785 | high | — | 8.0 | — | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus… | |
| CVE-2022-3635 | high | — | 8.0 | — | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The mani… | |
| CVE-2022-40307 | high | — | 8.0 | — | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | |
| CVE-2022-2031 | high | — | 8.0 | — | A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has bee… | |
| CVE-2022-32296 | high | — | 8.0 | — | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RF… | |
| CVE-2022-0843 | high | — | 8.0 | — | Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that w… | |
| CVE-2022-4130 | high | — | 8.0 | — | Important: Satellite 6.14 security and bug fix update | |
| CVE-2022-47938 | high | — | 8.0 | — | An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT. | |
| CVE-2022-29582 | high | — | 8.0 | — | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; howe… | |
| CVE-2022-29918 | high | — | 8.0 | — | Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presum… | |
| CVE-2022-39842 | high | — | 8.0 | — | An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer over… | |
| CVE-2022-1640 | high | — | 8.0 | — | Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a cra… |