CVEs from 2022
Total
5,732
critical
critical 88
high
high 1,220
medium
medium 938
low
low 24
% Critical
1.5%
% with KEV
2.3%
% with exploit
3.1%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-27782 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:5313: curl security update (Moderate) | |||
| CVE-2022-27781 | high | 7.5 | 7.5 | 4y ago | libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make li… | |||
| CVE-2022-29145 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:2202: .NET Core 3.1 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-29117 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:2202: .NET Core 3.1 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-23267 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:2202: .NET Core 3.1 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-25647 | high | 7.5 | 7.5 | 4y ago | Deserialization of Untrusted Data in Gson | |||
| CVE-2022-21476 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:1491: java-1.8.0-openjdk security update (Important) | |||
| CVE-2022-24763 | high | 7.5 | 7.5 | 4y ago | PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJS… | |||
| CVE-2022-0778 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:5326: compat-openssl10 security update (Low) | |||
| CVE-2022-24464 | high | 7.5 | 7.5 | 4y ago | RHSA-2022:0830: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2022-4988 | high | 7.3 | 7.3 | 19d ago | Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities s… | |||
| CVE-2022-45083 | high | 7.2 | 7.2 | 2y ago | Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.T… | |||
| CVE-2022-47599 | high | 7.2 | 7.2 | 3y ago | Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Ma… | |||
| CVE-2022-45078 | high | 7.2 | 7.2 | 3y ago | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker.This issue affects User Blocker: from n/a through 1.5.5. | |||
| CVE-2022-47605 | high | 7.2 | 7.2 | 3y ago | Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions. | |||
| CVE-2022-27224 | high | 7.2 | 7.2 | 4y ago | An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools sect… | |||
| CVE-2022-48827 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSET_MAX Dan Aloni reports: > Due to commit 8cfb9015280d ("NFS: Always provide aligned buff… | |||
| CVE-2022-3775 | high | 7.1 | 7.1 | 4y ago | RHSA-2023:0049: grub2 security update (Moderate) | |||
| CVE-2022-2347 | high | 7.1 | 7.1 | 4y ago | There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction co… | |||
| CVE-2022-2586 | medium | — | 7.0 | 4y ago | RHSA-2022:7683: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-32893 | medium | — | 7.0 | 4y ago | RHSA-2022:6540: webkit2gtk3 security update (Moderate) | |||
| CVE-2022-22620 | medium | — | 7.0 | 4y ago | RHSA-2022:1777: webkit2gtk3 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-28247 | medium | 6.7 | 6.7 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local priv… | |||
| CVE-2022-45899 | medium | 6.5 | 6.5 | 23d ago | Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. | |||
| CVE-2022-41650 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a throug… | |||
| CVE-2022-47594 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Guten… | |||
| CVE-2022-46796 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25. | |||
| CVE-2022-46795 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print … | |||
| CVE-2022-45840 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a th… | |||
| CVE-2022-45852 | medium | 6.5 | 6.5 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly:… | |||
| CVE-2022-41698 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3. | |||
| CVE-2022-44633 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. | |||
| CVE-2022-47160 | medium | 6.5 | 6.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.This issue affects Wp Social Login and Register Social Counter: from n/a … | |||
| CVE-2022-41695 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in SedLex Traffic Manager.This issue affects Traffic Manager: from n/a through 1.4.5. | |||
| CVE-2022-41619 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8. | |||
| CVE-2022-38141 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8. | |||
| CVE-2022-43450 | medium | 6.5 | 6.5 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2. | |||
| CVE-2022-40312 | medium | 6.5 | 6.5 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.2… | |||
| CVE-2022-45362 | medium | 6.5 | 6.5 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | |||
| CVE-2022-47593 | medium | 6.5 | 6.5 | 3y ago | Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions. | |||
| CVE-2022-45085 | medium | 6.5 | 6.5 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery. This issue affects Smartpower Web: before 23.01.01. | |||
| CVE-2022-45824 | medium | 6.5 | 6.5 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. | |||
| CVE-2022-40216 | medium | 6.5 | 6.5 | 4y ago | Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. | |||
| CVE-2022-24038 | medium | 6.5 | 6.5 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed. | |||
| CVE-2022-26934 | medium | 6.5 | 6.5 | 4y ago | Windows Graphics Component Information Disclosure Vulnerability | |||
| CVE-2022-50961 | medium | 6.4 | 6.4 | 20d ago | WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Setti… | |||
| CVE-2022-50949 | medium | 6.4 | 6.4 | 20d ago | WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, we… | |||
| CVE-2022-50948 | medium | 6.4 | 6.4 | 20d ago | Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fi… | |||
| CVE-2022-50947 | medium | 6.4 | 6.4 | 20d ago | WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the po… | |||
| CVE-2022-50946 | medium | 6.4 | 6.4 | 20d ago | WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title … | |||
| CVE-2022-50945 | medium | 6.4 | 6.4 | 20d ago | WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input … | |||
| CVE-2022-44626 | medium | 6.3 | 6.3 | 2y ago | Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20. | |||
| CVE-2022-28244 | medium | 6.3 | 6.3 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content s… | |||
| CVE-2022-24512 | medium | 6.3 | 6.3 | 4y ago | RHSA-2022:0830: .NET 5.0 security and bugfix update (Important) | |||
| CVE-2022-50956 | medium | 6.2 | 6.2 | 20d ago | WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the… | |||
| CVE-2022-50954 | medium | 6.2 | 6.2 | 20d ago | WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tbli… | |||
| CVE-2022-50969 | medium | 6.1 | 6.1 | 20d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functi… | |||
| CVE-2022-50968 | medium | 6.1 | 6.1 | 20d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar… | |||
| CVE-2022-50967 | medium | 6.1 | 6.1 | 20d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are… | |||
| CVE-2022-50966 | medium | 6.1 | 6.1 | 20d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are no… | |||
| CVE-2022-50965 | medium | 6.1 | 6.1 | 20d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are n… | |||
| CVE-2022-50964 | medium | 6.1 | 6.1 | 20d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter… | |||
| CVE-2022-50963 | medium | 6.1 | 6.1 | 20d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filte… | |||
| CVE-2022-50962 | medium | 6.1 | 6.1 | 20d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar… | |||
| CVE-2022-50960 | medium | 6.1 | 6.1 | 20d ago | WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inj… | |||
| CVE-2022-50959 | medium | 6.1 | 6.1 | 20d ago | WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Att… | |||
| CVE-2022-50958 | medium | 6.1 | 6.1 | 20d ago | WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers… | |||
| CVE-2022-50957 | medium | 6.1 | 6.1 | 20d ago | Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Atta… | |||
| CVE-2022-50943 | medium | 6.1 | 6.1 | 20d ago | Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec… | |||
| CVE-2022-23961 | medium | 6.1 | 6.1 | 23d ago | In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the mo… | |||
| CVE-2022-47153 | medium | 6.1 | 6.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a throug… | |||
| CVE-2022-45850 | medium | 6.1 | 6.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9. | |||
| CVE-2022-45847 | medium | 6.1 | 6.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS).This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1. | |||
| CVE-2022-45365 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a t… | |||
| CVE-2022-45084 | medium | 6.1 | 6.1 | 3y ago | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | |||
| CVE-2022-45836 | medium | 6.1 | 6.1 | 3y ago | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions. | |||
| CVE-2022-23791 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). Th… | |||
| CVE-2022-23790 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). Th… | |||
| CVE-2022-2178 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS). This issue affects Starcities: bef… | |||
| CVE-2022-45087 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issu… | |||
| CVE-2022-2266 | medium | 6.1 | 6.1 | 4y ago | University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2 | |||
| CVE-2022-26859 | medium | 6.1 | 6.1 | 4y ago | Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM. | |||
| CVE-2022-26858 | medium | 6.1 | 6.1 | 4y ago | Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order … | |||
| CVE-2022-27774 | medium | 5.7 | 5.7 | 4y ago | RHSA-2022:5313: curl security update (Moderate) | |||
| CVE-2022-33070 | medium | — | 5.5 | — | Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Se… | |||
| CVE-2022-28202 | medium | — | 5.5 | — | An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used i… | |||
| CVE-2022-27778 | medium | — | 5.5 | — | A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | |||
| CVE-2022-2512 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-0419 | medium | — | 5.5 | — | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. | |||
| CVE-2022-2417 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2497 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2500 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2095 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-2534 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-0669 | medium | — | 5.5 | — | A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages th… | |||
| CVE-2022-27779 | medium | — | 5.5 | — | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt … | |||
| CVE-2022-32205 | medium | — | 5.5 | — | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent H… | |||
| CVE-2022-30115 | medium | — | 5.5 | — | Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the hos… | |||
| CVE-2022-2456 | medium | — | 5.5 | — | unknown in gitlab | |||
| CVE-2022-27780 | medium | — | 5.5 | — | The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.F… |