CVEs from 2022

- Total: 5,373
- Critical: 88
- High: 1,219
- Medium: 945
- Low: 24
- % Critical: 1.6%
- % with KEV: 2.4%
- % with exploit: 3.3%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41404 | unknown | — | — | | | | 4y ago | org.ini4j allows attackers to cause a Denial of Service (DoS) |
| CVE-2022-40664 | unknown | — | — | | | | 4y ago | Apache Shiro Authentication Bypass vulnerability |
| CVE-2022-41414 | unknown | — | — | | | | 4y ago | Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled |
| CVE-2022-41853 | unknown | — | — | | | | 4y ago | HyperSQL DataBase vulnerable to remote code execution when processing untrusted input |
| CVE-2022-3171 | unknown | — | — | | | | 4y ago | protobuf-java has a potential Denial of Service issue |
| CVE-2022-39248 | unknown | — | — | | | | 4y ago | matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion |
| CVE-2022-39246 | unknown | — | — | | | | 4y ago | matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions |
| CVE-2022-39243 | unknown | — | — | | | | 4y ago | NuProcess vulnerable to command-line injection through insertion of NUL character(s) |
| CVE-2022-40929 | unknown | — | — | | | | 4y ago | XXL-JOB contains a Command execution vulnerability in background tasks |
| CVE-2022-39261 | unknown | — | — | | | | 4y ago | Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a us… |
| CVE-2022-3290 | unknown | — | — | | | | 4y ago | rdiffweb's unlimited username field length can lead to DoS |
| CVE-2022-33683 | unknown | — | — | | | | 4y ago | Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation |
| CVE-2022-33681 | unknown | — | — | | | | 4y ago | Apache Pulsar Java Client vulnerable to Improper Certificate Validation |
| CVE-2022-33682 | unknown | — | — | | | | 4y ago | Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation |
| CVE-2022-26112 | unknown | — | — | | | | 4y ago | Apache Pinot has Groovy Function support enabled by default |
| CVE-2022-36944 | unknown | — | — | | | | 4y ago | Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization |
| CVE-2022-24280 | unknown | — | — | | | | 4y ago | Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint |
| CVE-2022-23463 | unknown | — | — | | | | 4y ago | Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution |
| CVE-2022-23464 | unknown | — | — | | | | 4y ago | Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery |
| CVE-2022-36025 | unknown | — | — | | | | 4y ago | Besu VM vulnerable to gas allocation error in CALL operations |
| CVE-2022-2256 | unknown | — | — | | | | 4y ago | Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles |
| CVE-2022-2668 | unknown | — | — | | | | 4y ago | Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console |
| CVE-2022-28982 | unknown | — | — | | | | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via Tag Name |
| CVE-2022-28977 | unknown | — | — | | | | 4y ago | Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented |
| CVE-2022-28979 | unknown | — | — | | | | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module |
| CVE-2022-38512 | unknown | — | — | | | | 4y ago | Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module |
| CVE-2022-40705 | unknown | — | — | | | | 4y ago | Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP |
| CVE-2022-39975 | unknown | — | — | | | | 4y ago | Liferay Portal Missing Authorization vulnerability |
| CVE-2022-28981 | unknown | — | — | | | | 4y ago | Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module |
| CVE-2022-28980 | unknown | — | — | | | | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix |
| CVE-2022-28978 | unknown | — | — | | | | 4y ago | Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module |
| CVE-2022-38648 | unknown | — | — | | | | 4y ago | Apache Batik vulnerable to Server-Side Request Forgery |
| CVE-2022-40146 | unknown | — | — | | | | 4y ago | Apache Batik vulnerable to Server-Side Request Forgery |
| CVE-2022-38398 | unknown | — | — | | | | 4y ago | Apache Batik Server-Side Request Forgery |
| CVE-2022-41247 | unknown | — | — | | | | 4y ago | Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted |
| CVE-2022-41244 | unknown | — | — | | | | 4y ago | Missing hostname validation in Jenkins View26 Test-Reporting Plugin |
| CVE-2022-41245 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials |
| CVE-2022-41238 | unknown | — | — | | | | 4y ago | Lack of authentication mechanism in Jenkins DotCi Plugin webhook |
| CVE-2022-41243 | unknown | — | — | | | | 4y ago | Jenkins SmallTest Plugin missing hostname validation |
| CVE-2022-41227 | unknown | — | — | | | | 4y ago | Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery |
| CVE-2022-41240 | unknown | — | — | | | | 4y ago | Stored XSS vulnerability in Jenkins Walti plugin |
| CVE-2022-41226 | unknown | — | — | | | | 4y ago | Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference |
| CVE-2022-41231 | unknown | — | — | | | | 4y ago | Path traversal in Jenkins build-publisher Plugin |
| CVE-2022-41233 | unknown | — | — | | | | 4y ago | Jenkins Rundeck Plugin Missing Authorization vulnerability |
| CVE-2022-41229 | unknown | — | — | | | | 4y ago | Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting |
| CVE-2022-41235 | unknown | — | — | | | | 4y ago | Jenkins WildFly Deployer Plugin vulnerable to path traversal |
| CVE-2022-41242 | unknown | — | — | | | | 4y ago | Jenkins extreme-feedback Plugin vulnerable to Missing Authorization |
| CVE-2022-41234 | unknown | — | — | | | | 4y ago | Missing webhook endpoint authorization in Jenkins Rundeck Plugin |
| CVE-2022-41246 | unknown | — | — | | | | 4y ago | CSRF vulnerability and mM |
| CVE-2022-41237 | unknown | — | — | | | | 4y ago | RCE vulnerability in Jenkins DotCi Plugin |
| CVE-2022-41241 | unknown | — | — | | | | 4y ago | Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference |
| CVE-2022-41230 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins build-publisher Plugin |
| CVE-2022-41239 | unknown | — | — | | | | 4y ago | Stored XSS vulnerability in Jenkins DotCi Plugin |
| CVE-2022-41225 | unknown | — | — | | | | 4y ago | Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting |
| CVE-2022-41236 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins Security Inspector plugin |
| CVE-2022-41224 | unknown | — | — | | | | 4y ago | Jenkins vulnerable to stored cross site scripting in the l:helpIcon component |
| CVE-2022-41228 | unknown | — | — | | | | 4y ago | Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization |
| CVE-2022-41232 | unknown | — | — | | | | 4y ago | Jenkins build-publisher plugin vulnerable to cross-site request forgery |
| CVE-2022-41251 | unknown | — | — | | | | 4y ago | Jenkins Apprenda Plugin has Missing Authorization vulnerability |
| CVE-2022-41250 | unknown | — | — | | | | 4y ago | Missing permission check in Jenkins SCM HttpClient Plugin allows capturing credentials |
| CVE-2022-41248 | unknown | — | — | | | | 4y ago | Jenkins BigPanda Notifier Plugin Missing Password Field Masking |
| CVE-2022-41249 | unknown | — | — | | | | 4y ago | Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery |
| CVE-2022-41252 | unknown | — | — | | | | 4y ago | Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs |
| CVE-2022-41255 | unknown | — | — | | | | 4y ago | API token stored in plain text by Jenkins CONS3RT Plugin |
| CVE-2022-41254 | unknown | — | — | | | | 4y ago | Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials |
| CVE-2022-41253 | unknown | — | — | | | | 4y ago | CSRF vulnerability in Jenkins CONS3RT Plugin allows capturing credentials |
| CVE-2022-31679 | unknown | — | — | | | | 4y ago | Spring Data REST can expose hidden entity attributes |
| CVE-2022-34917 | unknown | — | — | | | | 4y ago | Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service |
| CVE-2022-40955 | unknown | — | — | | | | 4y ago | Apache InLong vulnerable to Deserialization of Untrusted Data |
| CVE-2022-31166 | unknown | — | — | | | | 4y ago | XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups |
| CVE-2022-31167 | unknown | — | — | | | | 4y ago | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference |
| CVE-2022-25873 | unknown | — | — | | | | 4y ago | Vuetify Cross-site Scripting vulnerability |
| CVE-2022-40152 | unknown | — | — | | | | 4y ago | Denial of Service due to parser crash |
| CVE-2022-40150 | unknown | — | — | | | | 4y ago | Jettison memory exhaustion |
| CVE-2022-40149 | unknown | — | — | | | | 4y ago | Jettison parser crash by stackoverflow |
| CVE-2022-36095 | unknown | — | — | | | | 4y ago | XWiki Cross-Site Request Forgery (CSRF) for actions on tags |
| CVE-2022-36109 | unknown | — | — | | | | 4y ago | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has di… |
| CVE-2022-36090 | unknown | — | — | | | | 4y ago | XWiki Platform Improper Authorization check for inactive users |
| CVE-2022-36091 | unknown | — | — | | | | 4y ago | XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor |
| CVE-2022-36096 | unknown | — | — | | | | 4y ago | XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list |
| CVE-2022-36097 | unknown | — | — | | | | 4y ago | XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form |
| CVE-2022-36098 | unknown | — | — | | | | 4y ago | XWiki Platform Mentions UI vulnerable to Cross-site Scripting |
| CVE-2022-36099 | unknown | — | — | | | | 4y ago | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability |
| CVE-2022-36100 | unknown | — | — | | | | 4y ago | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection |
| CVE-2022-36113 | unknown | — | — | | | | 4y ago | Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it… |
| CVE-2022-36114 | unknown | — | — | | | | 4y ago | Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternat… |
| CVE-2022-36092 | unknown | — | — | | | | 4y ago | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action |
| CVE-2022-36093 | unknown | — | — | | | | 4y ago | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard |
| CVE-2022-36094 | unknown | — | — | | | | 4y ago | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history |
| CVE-2022-25897 | unknown | — | — | | | | 4y ago | Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service) |
| CVE-2022-37724 | unknown | — | — | | | | 4y ago | Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting |
| CVE-2022-1278 | unknown | — | — | | | | 4y ago | WildFly vulnerable to Insecure Default Initialization of Resource |
| CVE-2022-40634 | unknown | — | — | | | | 4y ago | CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources |
| CVE-2022-40635 | unknown | — | — | | | | 4y ago | CrafterCMS OS Command Injection vulnerability |
| CVE-2022-37767 | unknown | — | — | | | | 4y ago | Pebble Templates protection mechanism bypass can lead to arbitrary code execution |
| CVE-2022-37734 | unknown | — | — | | | | 4y ago | graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources |
| CVE-2022-39135 | unknown | — | — | | | | 4y ago | Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack |
| CVE-2022-26049 | unknown | — | — | | | | 4y ago | Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations |
| CVE-2022-28220 | unknown | — | — | | | | 4y ago | Apache James vulnerable to buffering attack |
| CVE-2022-25914 | unknown | — | — | | | | 4y ago | com.google.cloud.tools:jib-core vulnerable to Remote Code Execution (RCE) |