CVEs from 2022
Total
8,277
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.1%
% with KEV
1.6%
% with exploit
1.6%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2022-2586 | medium | — | 7.0 | 4y ago | Moderate: kernel security, bug fix, and enhancement update | |
| CVE-2022-32893 | medium | — | 7.0 | 4y ago | Moderate: webkit2gtk3 security update | |
| CVE-2022-22620 | medium | — | 7.0 | 4y ago | Moderate: webkit2gtk3 security, bug fix, and enhancement update | |
| CVE-2022-28247 | medium | 6.7 | 6.7 | 4y ago | Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local priv… | |
| CVE-2022-34363 | medium | 6.5 | 6.5 | 5d ago | Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp | |
| CVE-2022-45899 | medium | 6.5 | 6.5 | 20d ago | Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. | |
| CVE-2022-41650 | medium | 6.5 | 6.5 | 3mo ago | Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a throug… | |
| CVE-2022-47594 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Guten… | |
| CVE-2022-46796 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25. | |
| CVE-2022-46795 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print … | |
| CVE-2022-45840 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a th… | |
| CVE-2022-45852 | medium | 6.5 | 6.5 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly:… | |
| CVE-2022-41698 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3. | |
| CVE-2022-44633 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1. | |
| CVE-2022-47160 | medium | 6.5 | 6.5 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.This issue affects Wp Social Login and Register Social Counter: from n/a … | |
| CVE-2022-41695 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in SedLex Traffic Manager.This issue affects Traffic Manager: from n/a through 1.4.5. | |
| CVE-2022-41619 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in SedLex Image Zoom.This issue affects Image Zoom: from n/a through 1.8.8. | |
| CVE-2022-38141 | medium | 6.5 | 6.5 | 2y ago | Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8. | |
| CVE-2022-43450 | medium | 6.5 | 6.5 | 3y ago | Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2. | |
| CVE-2022-40312 | medium | 6.5 | 6.5 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.2… | |
| CVE-2022-45362 | medium | 6.5 | 6.5 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | |
| CVE-2022-47593 | medium | 6.5 | 6.5 | 3y ago | Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions. | |
| CVE-2022-45085 | medium | 6.5 | 6.5 | 3y ago | Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery. This issue affects Smartpower Web: before 23.01.01. | |
| CVE-2022-45824 | medium | 6.5 | 6.5 | 4y ago | Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. | |
| CVE-2022-40216 | medium | 6.5 | 6.5 | 4y ago | Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. | |
| CVE-2022-24038 | medium | 6.5 | 6.5 | 4y ago | Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed. | |
| CVE-2022-26934 | medium | 6.5 | 6.5 | 4y ago | Windows Graphics Component Information Disclosure Vulnerability | |
| CVE-2022-50961 | medium | 6.4 | 6.4 | 17d ago | WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Setti… | |
| CVE-2022-50949 | medium | 6.4 | 6.4 | 17d ago | WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, we… | |
| CVE-2022-50948 | medium | 6.4 | 6.4 | 17d ago | Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fi… | |
| CVE-2022-50947 | medium | 6.4 | 6.4 | 17d ago | WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the po… | |
| CVE-2022-50946 | medium | 6.4 | 6.4 | 17d ago | WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title … | |
| CVE-2022-50945 | medium | 6.4 | 6.4 | 17d ago | WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input … | |
| CVE-2022-44626 | medium | 6.3 | 6.3 | 2y ago | Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20. | |
| CVE-2022-28244 | medium | 6.3 | 6.3 | 4y ago | Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content s… | |
| CVE-2022-24512 | medium | 6.3 | 6.3 | 4y ago | Important: .NET 5.0 security and bugfix update | |
| CVE-2022-50956 | medium | 6.2 | 6.2 | 17d ago | WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the… | |
| CVE-2022-50954 | medium | 6.2 | 6.2 | 17d ago | WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tbli… | |
| CVE-2022-50969 | medium | 6.1 | 6.1 | 17d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functi… | |
| CVE-2022-50968 | medium | 6.1 | 6.1 | 17d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar… | |
| CVE-2022-50967 | medium | 6.1 | 6.1 | 17d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are… | |
| CVE-2022-50966 | medium | 6.1 | 6.1 | 17d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are no… | |
| CVE-2022-50965 | medium | 6.1 | 6.1 | 17d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are n… | |
| CVE-2022-50964 | medium | 6.1 | 6.1 | 17d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter… | |
| CVE-2022-50963 | medium | 6.1 | 6.1 | 17d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filte… | |
| CVE-2022-50962 | medium | 6.1 | 6.1 | 17d ago | uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar… | |
| CVE-2022-50960 | medium | 6.1 | 6.1 | 17d ago | WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inj… | |
| CVE-2022-50959 | medium | 6.1 | 6.1 | 17d ago | WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Att… | |
| CVE-2022-50958 | medium | 6.1 | 6.1 | 17d ago | WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers… | |
| CVE-2022-50957 | medium | 6.1 | 6.1 | 17d ago | Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Atta… | |
| CVE-2022-50943 | medium | 6.1 | 6.1 | 17d ago | Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec… | |
| CVE-2022-23961 | medium | 6.1 | 6.1 | 20d ago | In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the mo… | |
| CVE-2022-47153 | medium | 6.1 | 6.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a throug… | |
| CVE-2022-45850 | medium | 6.1 | 6.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.This issue affects Image Map Pro: from n/a before 5.6.9. | |
| CVE-2022-45847 | medium | 6.1 | 6.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS).This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1. | |
| CVE-2022-45365 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a t… | |
| CVE-2022-45084 | medium | 6.1 | 6.1 | 3y ago | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | |
| CVE-2022-45836 | medium | 6.1 | 6.1 | 3y ago | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions. | |
| CVE-2022-23791 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). Th… | |
| CVE-2022-23790 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting (XSS). Th… | |
| CVE-2022-2178 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS). This issue affects Starcities: bef… | |
| CVE-2022-45087 | medium | 6.1 | 6.1 | 3y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issu… | |
| CVE-2022-2266 | medium | 6.1 | 6.1 | 4y ago | University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2 | |
| CVE-2022-26859 | medium | 6.1 | 6.1 | 4y ago | Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM. | |
| CVE-2022-26858 | medium | 6.1 | 6.1 | 4y ago | Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order … | |
| CVE-2022-27774 | medium | 5.7 | 5.7 | 4y ago | Moderate: curl security update | |
| CVE-2022-2534 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-2539 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-27778 | medium | — | 5.5 | — | A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | |
| CVE-2022-2456 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-27780 | medium | — | 5.5 | — | The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.F… | |
| CVE-2022-21600 | medium | — | 5.5 | — | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privi… | |
| CVE-2022-31624 | medium | — | 5.5 | — | MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, … | |
| CVE-2022-0419 | medium | — | 5.5 | — | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. | |
| CVE-2022-31621 | medium | — | 5.5 | — | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the… | |
| CVE-2022-2095 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-2326 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-32205 | medium | — | 5.5 | — | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent H… | |
| CVE-2022-33070 | medium | — | 5.5 | — | Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Se… | |
| CVE-2022-28202 | medium | — | 5.5 | — | An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used i… | |
| CVE-2022-2417 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-2303 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-30115 | medium | — | 5.5 | — | Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the hos… | |
| CVE-2022-2512 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-2500 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-2497 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-27779 | medium | — | 5.5 | — | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt … | |
| CVE-2022-0669 | medium | — | 5.5 | — | A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages th… | |
| CVE-2022-2307 | medium | — | 5.5 | — | unknown in gitlab | |
| CVE-2022-49648 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2022-49845 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2022-49627 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2022-49643 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2022-49670 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2022-49437 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2022-49443 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2022-49432 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2022-49024 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2022-50143 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: intel_th: Fix a resource leak in an error handling path If an error occurs after calling 'pci_alloc_irq_vectors()', 'pci_free_irq… | |
| CVE-2022-50504 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtas_os_term() It's unsafe to use rtas_busy_delay() to handle a busy status from the ibm,os-ter… |