CVEs from 2022
Total: 5,370
- critical 88
- high 1,219
- medium 945
- low 24

% Critical: 1.6%
% with KEV: 2.4%
% with exploit: 3.3%

Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25189 | unknown | — | — | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin | |||
| CVE-2022-25191 | unknown | — | — | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin | |||
| CVE-2022-25190 | unknown | — | — | 4y ago | Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs | |||
| CVE-2022-25192 | unknown | — | — | 4y ago | Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery | |||
| CVE-2022-25193 | unknown | — | — | 4y ago | Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization | |||
| CVE-2022-25195 | unknown | — | — | 4y ago | Missing permission check in Jenkins autonomiq Plugin | |||
| CVE-2022-25194 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins autonomiq plugin | |||
| CVE-2022-25198 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins SCP publisher Plugin | |||
| CVE-2022-25196 | unknown | — | — | 4y ago | Open redirect vulnerability in Jenkins GitLab Authentication Plugin | |||
| CVE-2022-25199 | unknown | — | — | 4y ago | Missing permission check in Jenkins SCP publisher Plugin | |||
| CVE-2022-25200 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials | |||
| CVE-2022-25202 | unknown | — | — | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds (Simple) Plugin | |||
| CVE-2022-25201 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials | |||
| CVE-2022-25203 | unknown | — | — | 4y ago | Stored Cross-site Scripting vulnerability in Jenkins Team Views Plugin | |||
| CVE-2022-25204 | unknown | — | — | 4y ago | Protection Mechanism Failure in Jenkins Doktor Plugin | |||
| CVE-2022-25205 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins dbCharts Plugin | |||
| CVE-2022-25206 | unknown | — | — | 4y ago | Missing Authorization in Jenkins dbCharts Plugin | |||
| CVE-2022-25208 | unknown | — | — | 4y ago | Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE | |||
| CVE-2022-25207 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE | |||
| CVE-2022-25209 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra | |||
| CVE-2022-25210 | unknown | — | — | 4y ago | Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin | |||
| CVE-2022-25211 | unknown | — | — | 4y ago | Missing permission check in Jenkins SWAMP Plugin allows capturing credentials | |||
| CVE-2022-25212 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials | |||
| CVE-2022-24289 | unknown | — | — | 4y ago | Deserialization of untrusted data in Apache Cayenne | |||
| CVE-2022-23614 | unknown | — | — | 4y ago | Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In… | |||
| CVE-2022-0538 | unknown | — | — | 4y ago | DoS vulnerability in bundled XStream library in Jenkins Core | |||
| CVE-2022-23622 | unknown | — | — | 4y ago | Cross site scripting in registration template in xwiki-platform | |||
| CVE-2022-23621 | unknown | — | — | 4y ago | Missing authorization in xwiki-platform | |||
| CVE-2022-23620 | unknown | — | — | 4y ago | Path traversal in xwiki-platform-skin-skinx | |||
| CVE-2022-23619 | unknown | — | — | 4y ago | Information exposure in xwiki-platform | |||
| CVE-2022-23618 | unknown | — | — | 4y ago | URL Redirection to Untrusted Site ('Open Redirect') | |||
| CVE-2022-23617 | unknown | — | — | 4y ago | Missing authorization in xwiki-platform | |||
| CVE-2022-23616 | unknown | — | — | 4y ago | Remote code execution in xwiki-platform | |||
| CVE-2022-23615 | unknown | — | — | 4y ago | Partial authorization bypass on document save in xwiki-platform | |||
| CVE-2022-24450 | unknown | — | — | 4y ago | NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. | |||
| CVE-2022-22931 | unknown | — | — | 4y ago | Path Traversal in Apache James Server | |||
| CVE-2022-23913 | unknown | — | — | 4y ago | Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS) | |||
| CVE-2022-21724 | unknown | — | — | 4y ago | pgjdbc Does Not Check Class Instantiation when providing Plugin Classes | |||
| CVE-2022-24198 | unknown | — | — | 4y ago | Out-of-bounds Read in iText | |||
| CVE-2022-24196 | unknown | — | — | 4y ago | Allocation of Resources Without Limits or Throttling in iText | |||
| CVE-2022-24197 | unknown | — | — | 4y ago | Out-of-bounds Write in iText | |||
| CVE-2022-23596 | unknown | — | — | 4y ago | Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive | |||
| CVE-2022-23601 | unknown | — | — | 4y ago | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in t… | |||
| CVE-2022-23181 | unknown | — | — | 4y ago | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed… | |||
| CVE-2022-23607 | unknown | — | — | 4y ago | treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as … | |||
| CVE-2022-22932 | unknown | — | — | 4y ago | Path traversal in Apache Karaf | |||
| CVE-2022-23945 | unknown | — | — | 4y ago | Missing authentication in ShenYu | |||
| CVE-2022-23223 | unknown | — | — | 4y ago | Password exposure in ShenYu | |||
| CVE-2022-23944 | unknown | — | — | 4y ago | Missing authentication in ShenYu | |||
| CVE-2022-22929 | unknown | — | — | 4y ago | Arbitrary File Upload in Mingsoft MCMS | |||
| CVE-2022-22930 | unknown | — | — | 4y ago | RCE in Mingsoft MCMS | |||
| CVE-2022-23315 | unknown | — | — | 4y ago | Arbitrary file upload in Mingsoft MCMS | |||
| CVE-2022-0239 | unknown | — | — | 4y ago | corenlp is vulnerable to Improper Restriction of XML External Entity Reference | |||
| CVE-2022-23106 | unknown | — | — | 4y ago | Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin | |||
| CVE-2022-23107 | unknown | — | — | 4y ago | Path Traversal in Jenkins Warnings Next Generation Plugin | |||
| CVE-2022-20612 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2022-23221 | unknown | — | — | 4y ago | Arbitrary code execution in H2 Console | |||
| CVE-2022-0219 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in skylot/jadx | |||
| CVE-2022-23435 | unknown | — | — | 4y ago | android-gif-drawable vulnerable to denial of service due to unrestricted comment length | |||
| CVE-2022-21363 | unknown | — | — | 4y ago | Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java | |||
| CVE-2022-0198 | unknown | — | — | 4y ago | XML External Entity Reference in edu.stanford.nlp:stanford-corenlp | |||
| CVE-2022-20614 | unknown | — | — | 4y ago | Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin | |||
| CVE-2022-20615 | unknown | — | — | 4y ago | Stored XSS vulnerability in Matrix Project Plugin | |||
| CVE-2022-20613 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Mailer Plugin | |||
| CVE-2022-20616 | unknown | — | — | 4y ago | Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin | |||
| CVE-2022-20617 | unknown | — | — | 4y ago | OS command execution vulnerability in Jenkins Docker Commons Plugin | |||
| CVE-2022-20618 | unknown | — | — | 4y ago | Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin | |||
| CVE-2022-20619 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin | |||
| CVE-2022-20620 | unknown | — | — | 4y ago | Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs | |||
| CVE-2022-20621 | unknown | — | — | 4y ago | Access key stored in plain text by Jenkins Metrics Plugin | |||
| CVE-2022-23105 | unknown | — | — | 4y ago | User passwords transmitted in plain text by Jenkins Active Directory Plugin | |||
| CVE-2022-23110 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23108 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Badge Plugin | |||
| CVE-2022-23109 | unknown | — | — | 4y ago | Improper credentials masking in Jenkins HashiCorp Vault Plugin | |||
| CVE-2022-23117 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials | |||
| CVE-2022-23112 | unknown | — | — | 4y ago | Missing permission check in Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23111 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23114 | unknown | — | — | 4y ago | Password stored in plain text by Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23115 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins batch task Plugin | |||
| CVE-2022-23113 | unknown | — | — | 4y ago | Path traversal vulnerability in Jenkins Publish Over SSH Plugin | |||
| CVE-2022-23118 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin | |||
| CVE-2022-23116 | unknown | — | — | 4y ago | Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets | |||
| CVE-2022-21653 | unknown | — | — | 5y ago | Hash collision in typelevel jawn |