CVEs from 2022

5,370 normalized CVEs published or assigned in this year.

Total: 5,370
Critical: 88
High: 1,219
Medium: 945
Low: 24
% Critical: 1.6%
% with KEV: 2.4%
% with exploit: 3.3%

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-31194 unknown 4y ago JSPUI vulnerable to path traversal in submission (resumable) upload
CVE-2022-31193 unknown 4y ago JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11
CVE-2022-31192 unknown 4y ago JSPUI Possible Cross Site Scripting in "Request a Copy" Feature
CVE-2022-31191 unknown 4y ago JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting
CVE-2022-31190 unknown 4y ago XMLUI's metadata of withdrawn Items is exposed to anonymous users
CVE-2022-31189 unknown 4y ago JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
CVE-2022-2053 unknown 4y ago Undertow vulnerable to DoS via Large AJP request
CVE-2022-27166 unknown 4y ago Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp
CVE-2022-34158 unknown 4y ago Apache JSPWiki CSRF due to crafted invocation on the Image plugin
CVE-2022-28730 unknown 4y ago Apache JSPWiki XSS due to incomplete patch for CVE-2021-40369
CVE-2022-28732 unknown 4y ago Apache JSPWiki XSS due to crafted request in WeblogPlugin
CVE-2022-28731 unknown 4y ago Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
CVE-2022-25168 unknown 4y ago Apache Hadoop argument injection vulnerability
CVE-2022-37394 unknown 4y ago An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and…
CVE-2022-25867 unknown 4y ago Socket.IO-client Java before 2.0.1 vulnerable to NULL Pointer Dereference
CVE-2022-2576 unknown 4y ago Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch
CVE-2022-31183 unknown 4y ago fs2-io skips mTLS client verification
CVE-2022-36364 unknown 4y ago Apache Calcite Avatica JDBC driver arbitrary code execution
CVE-2022-36884 unknown 4y ago Lack of authentication mechanism in Jenkins Git Plugin webhook
CVE-2022-36887 unknown 4y ago Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints
CVE-2022-36883 unknown 4y ago Lack of authentication mechanism in Jenkins Git Plugin webhook
CVE-2022-36886 unknown 4y ago External Monitor Job Type Plugin does not require POST requests for an HTTP endpoint
CVE-2022-36881 unknown 4y ago Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
CVE-2022-36888 unknown 4y ago Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
CVE-2022-36882 unknown 4y ago Lack of authentication mechanism in Jenkins Git Plugin webhook
CVE-2022-36885 unknown 4y ago Jenkins GitHub plugin uses weak webhook signature function
CVE-2022-36906 unknown 4y ago CSRF vulnerability in Jenkins OpenShift Deployer Plugin
CVE-2022-36907 unknown 4y ago Missing permission check in Jenkins OpenShift Deployer Plugin
CVE-2022-36902 unknown 4y ago Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
CVE-2022-36910 unknown 4y ago Lucene-Search Plugin does not perform permission checks in several HTTP endpoints
CVE-2022-36914 unknown 4y ago Jenkins Files Found Trigger Plugin allows attackers to check for existence of attacker-specified file path on Jenkins controller file system
CVE-2022-36916 unknown 4y ago CSRF vulnerability in Jenkins Google Cloud Backup Plugin
CVE-2022-36896 unknown 4y ago Jenkins Compuware Source Code Download is missing authorization
CVE-2022-36913 unknown 4y ago Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation
CVE-2022-36893 unknown 4y ago Jenkins rpmsign-plugin does not perform a permission check in a method implementing form validation
CVE-2022-36908 unknown 4y ago CSRF vulnerability in Jenkins OpenShift Deployer Plugin
CVE-2022-36915 unknown 4y ago Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents
CVE-2022-36892 unknown 4y ago Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation
CVE-2022-36899 unknown 4y ago Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
CVE-2022-36904 unknown 4y ago Jenkins Repository Connector Plugin does not perform a permission check in a method implementing form validation
CVE-2022-36895 unknown 4y ago Jenkins Compuware Topaz Utilities Plugin is missing authorization
CVE-2022-36898 unknown 4y ago Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints
CVE-2022-36919 unknown 4y ago Jenkins Coverity Plugin allows attackers with Overall/Read permission to enumerate credentials IDs
CVE-2022-36918 unknown 4y ago Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation
CVE-2022-36903 unknown 4y ago Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs
CVE-2022-36894 unknown 4y ago Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin
CVE-2022-36890 unknown 4y ago Jenkins Deployer Framework Plugin vulnerable to Path Traversal
CVE-2022-36912 unknown 4y ago Missing permission checks in Jenkins openstack-heat Plugin
CVE-2022-36891 unknown 4y ago Jenkins Deployer Framework Plugin allows attackers with Item/Read permission to read deployment logs
CVE-2022-36897 unknown 4y ago Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization
CVE-2022-36900 unknown 4y ago Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure
CVE-2022-36920 unknown 4y ago Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
CVE-2022-36889 unknown 4y ago Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment
CVE-2022-36917 unknown 4y ago Jenkins Google Cloud Backup Plugin allows attackers with Overall/Read permission to request a manual backup.
CVE-2022-36905 unknown 4y ago Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin
CVE-2022-36921 unknown 4y ago Missing permission check in Coverity Plugin allows capturing credentials
CVE-2022-36901 unknown 4y ago Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
CVE-2022-36922 unknown 4y ago Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting
CVE-2022-36909 unknown 4y ago Missing permission check in Jenkins OpenShift Deployer Plugin
CVE-2022-36911 unknown 4y ago CSRF vulnerability in Jenkins openstack-heat Plugin
CVE-2022-34114 unknown 4y ago SQL Injection found in Dataease
CVE-2022-34115 unknown 4y ago Dataease v1.11.1 SQL Injection via parameter dataSourceId
CVE-2022-34112 unknown 4y ago Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
CVE-2022-34113 unknown 4y ago Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
CVE-2022-32430 unknown 4y ago Hardcoded JWT Token in Lin CMS Spring Boot
CVE-2022-35912 unknown 4y ago Grails framework Remote Code Execution via Data Binding
CVE-2022-31151 unknown 4y ago Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users us…
CVE-2022-31150 unknown 4y ago undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0…
CVE-2022-31159 unknown 4y ago Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
CVE-2022-31160 unknown 4y ago jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
CVE-2022-32065 unknown 4y ago RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
CVE-2022-30187 unknown 4y ago Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
CVE-2022-31139 unknown 4y ago UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance()
CVE-2022-27772 unknown 4y ago Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
CVE-2022-28889 unknown 4y ago Apache Druid before 0.23.0 vulnerable to clickjacking
CVE-2022-2048 unknown 4y ago Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service
CVE-2022-2191 unknown 4y ago Jetty SslConnection does not release pooled ByteBuffers in case of errors
CVE-2022-2047 unknown 4y ago Jetty invalid URI parsing may produce invalid HttpURI.authority
CVE-2022-32533 unknown 4y ago Insufficient user input in Apache Jetspeed-2
CVE-2022-31943 unknown 4y ago Unrestricted Upload of File with Dangerous Type in MCMS
CVE-2022-34813 unknown 4y ago Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability
CVE-2022-34816 unknown 4y ago Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
CVE-2022-34812 unknown 4y ago Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin
CVE-2022-34804 unknown 4y ago Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information
CVE-2022-34809 unknown 4y ago Password stored in plain text by Jenkins RQM Plugin
CVE-2022-34817 unknown 4y ago Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin
CVE-2022-34805 unknown 4y ago Plaintext Storage of a Password in Jenkins Skype notifier Plugin
CVE-2022-34803 unknown 4y ago Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability
CVE-2022-34808 unknown 4y ago Token stored in plain text by Jenkins Cisco Spark Plugin
CVE-2022-34815 unknown 4y ago Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin
CVE-2022-34811 unknown 4y ago Missing Authorization in Jenkins XPath Configuration Viewer Plugin
CVE-2022-34818 unknown 4y ago Jenkins Failed Job Deactivator Plugin Missing Authorization vulnerability
CVE-2022-34814 unknown 4y ago Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
CVE-2022-34807 unknown 4y ago Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
CVE-2022-34806 unknown 4y ago Plaintext Storage of a Password in Jenkins Jigomerge Plugin
CVE-2022-34786 unknown 4y ago Cross-site Scripting in Jenkins Rich Text Publisher Plugin
CVE-2022-34778 unknown 4y ago Cross-site Scripting in Jenkins TestNG Results Plugin
CVE-2022-34787 unknown 4y ago Jenkins Project Inheritance Plugin vulnerable to cross site scripting
CVE-2022-34793 unknown 4y ago XML External Entity Reference in Jenkins Recipe Plugin
CVE-2022-34785 unknown 4y ago Jenkins build-metrics Plugin Missing Authorization vulnerability