CVEs from 2022
Total
5,738
critical
critical 88
high
high 1,220
medium
medium 938
low
low 24
% Critical
1.5%
% with KEV
2.3%
% with exploit
3.1%
Top vendors
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-46846 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af… | |||
| CVE-2022-44578 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3. | |||
| CVE-2022-44595 | medium | 5.3 | 5.3 | 2y ago | Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0. | |||
| CVE-2022-21618 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21626 | medium | 5.3 | 5.3 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21549 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-21540 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | |||
| CVE-2022-21366 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-21360 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21341 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21340 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21305 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21299 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21296 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21294 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21293 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0970: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21291 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-21283 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21282 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-21277 | medium | 5.3 | 5.3 | 4y ago | RHSA-2022:0185: java-11-openjdk security update (Moderate) | |||
| CVE-2022-40211 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1. | |||
| CVE-2022-44629 | medium | 4.8 | 4.8 | 3y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions. | |||
| CVE-2022-47436 | medium | 4.8 | 4.8 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS.This issue affects Yatra: from n/a through 2.1.14. | |||
| CVE-2022-43480 | medium | 4.8 | 4.8 | 3y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | |||
| CVE-2022-32537 | medium | 4.8 | 4.8 | 4y ago | A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components… | |||
| CVE-2022-44628 | medium | 4.8 | 4.8 | 4y ago | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress. | |||
| CVE-2022-41656 | medium | 4.3 | 4.3 | 3d ago | Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCom… | |||
| CVE-2022-50955 | medium | 4.3 | 4.3 | 20d ago | WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can … | |||
| CVE-2022-47176 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: … | |||
| CVE-2022-47168 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in printful Printful Integration for WooCommerce printful-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… | |||
| CVE-2022-46811 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Le… | |||
| CVE-2022-46807 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for Wo… | |||
| CVE-2022-43472 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom – Zoom Meetings … | |||
| CVE-2022-47604 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in junkcoder, ristoniinemets AJAX Thumbnail Rebuild.This issue affects AJAX Thumbnail Rebuild: from n/a through 1.13. | |||
| CVE-2022-45352 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-45349 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | |||
| CVE-2022-40702 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | |||
| CVE-2022-40219 | medium | 4.3 | 4.3 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change. | |||
| CVE-2022-45809 | low | 3.7 | 3.7 | 3y ago | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.0.0. | |||
| CVE-2022-21624 | low | 3.7 | 3.7 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-21619 | low | 3.7 | 3.7 | 4y ago | RHSA-2023:0128: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2022-39399 | low | 3.7 | 3.7 | 4y ago | RHSA-2022:7012: java-11-openjdk security and bug fix update (Moderate) | |||
| CVE-2022-45819 | low | 3.5 | 3.5 | 2y ago | Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1. | |||
| CVE-2022-3358 | low | — | 3.5 | 4y ago | Low: openssl security and bug fix update | |||
| CVE-2022-24101 | low | 3.3 | 3.3 | 4y ago | Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensit… | |||
| CVE-2022-27227 | low | — | 2.5 | — | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an… | |||
| CVE-2022-29458 | low | — | 2.5 | 10mo ago | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | |||
| CVE-2022-45063 | low | — | 2.5 | 1y ago | Low: xterm security update | |||
| CVE-2022-43939 | unknown | — | 2.5 | 1y ago | Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization. | |||
| CVE-2022-43769 | unknown | — | 2.5 | 1y ago | Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution. | |||
| CVE-2022-22948 | unknown | — | 2.5 | 2y ago | VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information. | |||
| CVE-2022-48554 | low | — | 2.5 | 2y ago | Low: file security update | |||
| CVE-2022-29303 | unknown | — | 2.5 | 3y ago | SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server. | |||
| CVE-2022-28805 | low | — | 2.5 | 3y ago | Low: lua security update | |||
| CVE-2022-35252 | low | — | 2.5 | 3y ago | RHSA-2023:2963: curl security and bug fix update (Low) | |||
| CVE-2022-43552 | low | — | 2.5 | 3y ago | RHSA-2023:2963: curl security and bug fix update (Low) | |||
| CVE-2022-1615 | low | — | 2.5 | 3y ago | RHSA-2023:2987: samba security, bug fix, and enhancement update (Low) | |||
| CVE-2022-36227 | low | — | 2.5 | 3y ago | RHSA-2023:3018: libarchive security update (Low) | |||
| CVE-2022-41862 | low | — | 2.5 | 3y ago | RHSA-2023:7016: libpq security update (Low) | |||
| CVE-2022-28810 | unknown | — | 2.5 | 3y ago | Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset. | |||
| CVE-2022-35914 | unknown | — | 2.5 | 3y ago | Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed. | |||
| CVE-2022-47986 | unknown | — | 2.5 | 3y ago | IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. | |||
| CVE-2022-46169 | unknown | — | 2.5 | 3y ago | Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code. | |||
| CVE-2022-24990 | unknown | — | 2.5 | 3y ago | TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint. | |||
| CVE-2022-21587 | unknown | — | 2.5 | 3y ago | Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. | |||
| CVE-2022-47966 | unknown | — | 2.5 | 3y ago | Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario. | |||
| CVE-2022-44877 | unknown | — | 2.5 | 3y ago | CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter. | |||
| CVE-2022-2211 | low | — | 2.5 | 4y ago | RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low) | |||
| CVE-2022-0897 | low | — | 2.5 | 4y ago | RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low) | |||
| CVE-2022-24735 | low | — | 2.5 | 4y ago | RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low) | |||
| CVE-2022-24736 | low | — | 2.5 | 4y ago | RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low) | |||
| CVE-2022-23645 | low | — | 2.5 | 4y ago | RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low) | |||
| CVE-2022-2990 | low | — | 2.5 | 4y ago | RHSA-2022:7822: container-tools:rhel8 security, bug fix, and enhancement update (Low) | |||
| CVE-2022-1122 | low | — | 2.5 | 4y ago | RHSA-2022:7645: openjpeg2 security update (Low) | |||
| CVE-2022-41352 | unknown | — | 2.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts. | |||
| CVE-2022-40684 | unknown | — | 2.5 | 4y ago | Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface … | |||
| CVE-2022-36804 | unknown | — | 2.5 | 4y ago | Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions… | |||
| CVE-2022-41082 | unknown | — | 2.5 | 4y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which … | |||
| CVE-2022-41040 | unknown | — | 2.5 | 4y ago | Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution. | |||
| CVE-2022-35405 | unknown | — | 2.5 | 4y ago | Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2022-26352 | unknown | — | 2.5 | 4y ago | dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage … | |||
| CVE-2022-24112 | unknown | — | 2.5 | 4y ago | Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution. | |||
| CVE-2022-26923 | unknown | — | 2.5 | 4y ago | An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalati… | |||
| CVE-2022-22536 | unknown | — | 2.5 | 4y ago | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can pr… | |||
| CVE-2022-27925 | unknown | — | 2.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerabili… | |||
| CVE-2022-37042 | unknown | — | 2.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated r… | |||
| CVE-2022-30333 | unknown | — | 2.5 | 4y ago | RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation. | |||
| CVE-2022-33891 | unknown | — | 2.5 | 4y ago | Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled. | |||
| CVE-2022-30190 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code … | |||
| CVE-2022-26134 | unknown | — | 2.5 | 4y ago | Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution. | |||
| CVE-2022-30525 | unknown | — | 2.5 | 4y ago | A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | |||
| CVE-2022-1388 | unknown | — | 2.5 | 4y ago | F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. | |||
| CVE-2022-26904 | unknown | — | 2.5 | 4y ago | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2022-29464 | unknown | — | 2.5 | 4y ago | Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution. | |||
| CVE-2022-22960 | unknown | — | 2.5 | 4y ago | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | |||
| CVE-2022-22954 | unknown | — | 2.5 | 4y ago | VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. | |||
| CVE-2022-22963 | unknown | — | 2.5 | 4y ago | When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code executio… | |||
| CVE-2022-22965 | unknown | — | 2.5 | 4y ago | Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | |||
| CVE-2022-1040 | unknown | — | 2.5 | 4y ago | An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution. | |||
| CVE-2022-0543 | unknown | — | 2.5 | 4y ago | Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |