CVEs from 2022
Total
5,370
critical
critical 88
high
high 1,219
medium
medium 945
low
low 24
% Critical
1.6%
% with KEV
2.4%
% with exploit
3.3%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-32430 | unknown | — | — | 4y ago | Hardcoded JWT Token in Lin CMS Spring Boot | |||
| CVE-2022-35912 | unknown | — | — | 4y ago | Grails framework Remote Code Execution via Data Binding | |||
| CVE-2022-31151 | unknown | — | — | 4y ago | Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users us… | |||
| CVE-2022-31150 | unknown | — | — | 4y ago | undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0… | |||
| CVE-2022-31159 | unknown | — | — | 4y ago | Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 | |||
| CVE-2022-31160 | unknown | — | — | 4y ago | jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label | |||
| CVE-2022-32065 | unknown | — | — | 4y ago | RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module | |||
| CVE-2022-30187 | unknown | — | — | 4y ago | Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library | |||
| CVE-2022-31139 | unknown | — | — | 4y ago | UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance() | |||
| CVE-2022-27772 | unknown | — | — | 4y ago | Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot | |||
| CVE-2022-28889 | unknown | — | — | 4y ago | Apache Druid before 0.23.0 vulnerable to clickjacking | |||
| CVE-2022-2048 | unknown | — | — | 4y ago | Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service | |||
| CVE-2022-2191 | unknown | — | — | 4y ago | Jetty SslConnection does not release pooled ByteBuffers in case of errors | |||
| CVE-2022-2047 | unknown | — | — | 4y ago | Jetty invalid URI parsing may produce invalid HttpURI.authority | |||
| CVE-2022-32533 | unknown | — | — | 4y ago | Insufficient user input in Apache Jetspeed-2 | |||
| CVE-2022-31943 | unknown | — | — | 4y ago | Unrestricted Upload of File with Dangerous Type in MCMS | |||
| CVE-2022-34815 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin | |||
| CVE-2022-34817 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin | |||
| CVE-2022-34809 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins RQM Plugin | |||
| CVE-2022-34808 | unknown | — | — | 4y ago | Token stored in plain text by Jenkins Cisco Spark Plugin | |||
| CVE-2022-34811 | unknown | — | — | 4y ago | Missing Authorization in Jenkins XPath Configuration Viewer Plugin | |||
| CVE-2022-34813 | unknown | — | — | 4y ago | Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability | |||
| CVE-2022-34814 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Request Rename Or Delete Plugin | |||
| CVE-2022-34816 | unknown | — | — | 4y ago | Passwords stored in plain text by Jenkins hpe-network-virtualization plugin | |||
| CVE-2022-34803 | unknown | — | — | 4y ago | Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability | |||
| CVE-2022-34812 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin | |||
| CVE-2022-34804 | unknown | — | — | 4y ago | Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information | |||
| CVE-2022-34818 | unknown | — | — | 4y ago | Jenkins Failed Job Deactivator Plugin Missing Authorization vulnerability | |||
| CVE-2022-34807 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin | |||
| CVE-2022-34806 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Jigomerge Plugin | |||
| CVE-2022-34805 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Skype notifier Plugin | |||
| CVE-2022-34797 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34783 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Plot Plugin | |||
| CVE-2022-34793 | unknown | — | — | 4y ago | XML External Entity Reference in Jenkins Recipe Plugin | |||
| CVE-2022-34792 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Recipe Plugin | |||
| CVE-2022-34779 | unknown | — | — | 4y ago | Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs | |||
| CVE-2022-34782 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins requests-plugin | |||
| CVE-2022-34798 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34780 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials | |||
| CVE-2022-34802 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin | |||
| CVE-2022-34795 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34794 | unknown | — | — | 4y ago | Missing Authorization in Jenkins Recipe Plugin | |||
| CVE-2022-34787 | unknown | — | — | 4y ago | Jenkins Project Inheritance Plugin vulnerable to cross site scripting | |||
| CVE-2022-34777 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins GitLab Plugin | |||
| CVE-2022-34778 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins TestNG Results Plugin | |||
| CVE-2022-34799 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin | |||
| CVE-2022-34785 | unknown | — | — | 4y ago | Jenkins build-metrics Plugin Missing Authorization vulnerability | |||
| CVE-2022-34786 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Rich Text Publisher Plugin | |||
| CVE-2022-34801 | unknown | — | — | 4y ago | Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin | |||
| CVE-2022-34790 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins eXtreme Feedback Panel Plugin | |||
| CVE-2022-34784 | unknown | — | — | 4y ago | Cross site scripting in Jenkins build-metrics Plugin | |||
| CVE-2022-34800 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Build Notifications Plugin | |||
| CVE-2022-34791 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Validating Email Parameter Plugin | |||
| CVE-2022-34796 | unknown | — | — | 4y ago | Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials | |||
| CVE-2022-34789 | unknown | — | — | 4y ago | Jenkins Matrix Reloaded Plugin vulnerable to CSRF | |||
| CVE-2022-32532 | unknown | — | — | 4y ago | Improper Authorization in Apache Shiro | |||
| CVE-2022-26477 | unknown | — | — | 4y ago | SystemDS CPU exhaustion vulnerability | |||
| CVE-2022-33879 | unknown | — | — | 4y ago | Apache Tika contains incomplete fix for regex DoS | |||
| CVE-2022-34212 | unknown | — | — | 4y ago | Missing permission check in Jenkins vRealize Orchestrator Plugin | |||
| CVE-2022-34209 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins ThreadFix Plugin | |||
| CVE-2022-34213 | unknown | — | — | 4y ago | Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text | |||
| CVE-2022-34207 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Beaker builder Plugin | |||
| CVE-2022-34205 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin | |||
| CVE-2022-34210 | unknown | — | — | 4y ago | Missing permission check in Jenkins ThreadFix Plugin | |||
| CVE-2022-34211 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin | |||
| CVE-2022-34305 | unknown | — | — | 4y ago | In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data with… | |||
| CVE-2022-34208 | unknown | — | — | 4y ago | Jenkins Beaker builder Plugin Missing Authorization vulnerability | |||
| CVE-2022-34198 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Stash Branch Parameter Plugin | |||
| CVE-2022-34298 | unknown | — | — | 4y ago | NT auth module vulnerability in OpenAM | |||
| CVE-2022-34193 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Package Version Plugin | |||
| CVE-2022-34180 | unknown | — | — | 4y ago | Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement | |||
| CVE-2022-34203 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins EasyQA Plugin | |||
| CVE-2022-34170 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34197 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Sauce OnDemand Plugin | |||
| CVE-2022-34185 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Date Parameter Plugin | |||
| CVE-2022-34191 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins NS-ND Integration Performance Publisher Plugin | |||
| CVE-2022-34206 | unknown | — | — | 4y ago | Jenkins Jianliao Notification Plugin Missing Authorization vulnerability | |||
| CVE-2022-34184 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin | |||
| CVE-2022-34194 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Readonly Parameter Plugin | |||
| CVE-2022-34173 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34189 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Image Tag Parameter Plugin | |||
| CVE-2022-34187 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Filesystem List Parameter Plugin | |||
| CVE-2022-34202 | unknown | — | — | 4y ago | User passwords stored in plain text by Jenkins EasyQA Plugin | |||
| CVE-2022-34192 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins ontrack Jenkins Plugin | |||
| CVE-2022-34171 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34174 | unknown | — | — | 4y ago | Observable timing discrepancy allows determining username validity in Jenkins | |||
| CVE-2022-34176 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins JUnit Plugin | |||
| CVE-2022-34178 | unknown | — | — | 4y ago | Reflected Cross site scripting in Jenkins Embeddable Build Status Plugin | |||
| CVE-2022-34175 | unknown | — | — | 4y ago | Unauthorized view fragment access in Jenkins | |||
| CVE-2022-34195 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Repository Connector Plugin | |||
| CVE-2022-34172 | unknown | — | — | 4y ago | Cross-site Scripting vulnerability in Jenkins | |||
| CVE-2022-34188 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Hidden Parameter Plugin | |||
| CVE-2022-34201 | unknown | — | — | 4y ago | Missing permission check in Jenkins Convertigo Mobile Platform Plugin | |||
| CVE-2022-33113 | unknown | — | — | 4y ago | Cross-site Scripting in Jfinal CMS | |||
| CVE-2022-34190 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Maven Metadata Plugin | |||
| CVE-2022-34196 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins REST List Parameter Plugin | |||
| CVE-2022-34186 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin | |||
| CVE-2022-34179 | unknown | — | — | 4y ago | Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin | |||
| CVE-2022-34199 | unknown | — | — | 4y ago | Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin | |||
| CVE-2022-34182 | unknown | — | — | 4y ago | Reflected Cross-site Scripting in Jenkins Nested View Plugin |