CVE-2022-1xxx

There are 971 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2022-1000 Path Traversal in prasathmani/tinyfilemanager
E S
CVE-2022-1001 WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting
E S
CVE-2022-1002 HTML Injection while inviting Guests
E S
CVE-2022-1003 Sysadmin can override existing configs & bypass restrictions like EnableUploads
S
CVE-2022-1004 Information disclosure in the External Interface
S
CVE-2022-1005 WP Statistics < 13.2.2 - Reflected Cross-Site Scripting
E
CVE-2022-1006 Advanced Booking Calendar < 1.7.1 - Admin+ SQLi
E S
CVE-2022-1007 Advanced Booking Calendar < 1.7.1 - Reflected Cross-Site Scripting
E S
CVE-2022-1008 One Click Demo Import < 3.1.0 - Admin+ Arbitrary File Upload
E S
CVE-2022-1009 Smush < 3.9.9 - Admin+ Reflected Cross-Site Scripting
E
CVE-2022-1010 Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1011 A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers wri...
CVE-2022-1012 A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to...
CVE-2022-1013 Personal Dictionary < 1.3.4 - Unauthenticated SQLi
E
CVE-2022-1014 WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi
E
CVE-2022-1015 A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsyst...
E
CVE-2022-1016 A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause...
E
CVE-2022-1018 ICSA-22-088-01 Rockwell Automation ISaGRAF
S
CVE-2022-1019 Automated Logic WebCtrl Server Open Redirection Vulnerability
S
CVE-2022-1020 Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
E
CVE-2022-1021 Insecure Storage of Sensitive Information in chatwoot/chatwoot
E S
CVE-2022-1022 Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot
E S
CVE-2022-1023 Podcast Importer SecondLine < 1.3.8 - Admin+ SQLi
E S
CVE-2022-1024 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-1025 All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control ...
E
CVE-2022-1026 Kyocera Net View Address Book Exposure
E
CVE-2022-1027 Page Restriction WordPress < 1.2.7 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1028 WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1029 Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1030 Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulne...
CVE-2022-1031 Use After Free in op_is_set_bp in radareorg/radare2
E S
CVE-2022-1032 Insecure deserialization of not validated module file in crater-invoice/crater
E S
CVE-2022-1033 Unrestricted Upload of File with Dangerous Type in crater-invoice/crater
E S
CVE-2022-1034 There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in star7th/showdoc
E S
CVE-2022-1035 Segmentation Fault caused by MP4Box -lsr in gpac/gpac
E S
CVE-2022-1036 Able to create an account with long password leads to memory corruption / Integer Overflow in microweber/microweber
E S
CVE-2022-1037 EXMAGE < 1.0.7 - Admin+ Blind SSRF
E
CVE-2022-1038 A potential security vulnerability has been identified in the HP Jumpstart software, which might all...
S
CVE-2022-1039 ICSA-22-104-03 Red Lion DA50N
M
CVE-2022-1040 An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to e...
KEV E M
CVE-2022-1041 Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning
E S
CVE-2022-1042 Out-of-bound write vulnerability in the Bluetooth mesh core stack can be triggered during provisioning
E S
CVE-2022-1043 A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a ...
E S
CVE-2022-1044 Sensitive Data Exposure Due To Insecure Storage Of Profile Image in polonel/trudesk
E S
CVE-2022-1045 Stored XSS via .svg file upload in polonel/trudesk
E S
CVE-2022-1046 Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1047 Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting
E
CVE-2022-1048 A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers con...
S
CVE-2022-1049 A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired acco...
E
CVE-2022-1050 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a ...
S
CVE-2022-1051 WPQA < 5.2 - Subscriber+ Stored Cross-Site Scripting via Profile fields
E
CVE-2022-1052 Heap Buffer Overflow in iterate_chained_fixups in radareorg/radare2
E S
CVE-2022-1053 Keylime does not enforce that the agent registrar data is the same when the tenant uses it for valid...
S
CVE-2022-1054 RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export
E
CVE-2022-1055 Use after Free in tc_new_tfilter allowing for privilege escalation in Linux Kernel
E S
CVE-2022-1056 Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service ...
E S
CVE-2022-1057 Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQLi
E
CVE-2022-1058 Open Redirect on login in go-gitea/gitea
E S
CVE-2022-1059 CROSS-SITE SCRIPTING CWE-79
CVE-2022-1061 Heap Buffer Overflow in parseDragons in radareorg/radare2
E S
CVE-2022-1062 th23 Social <= 1.2.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1063 Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1064 SQL injection through marking blog comments on bulk as spam in forkcms/forkcms
E S
CVE-2022-1065 Multi Factor Authentication Bypass in various versions of Abacus ERP
E S
CVE-2022-1066 MISSING AUTHORIZATION CWE-862
CVE-2022-1067 ICSMA-22-095-01 LifePoint Informatics Patient Portal
M
CVE-2022-1068 Modbus Tools Modbus Slave Stack-Based Buffer Overflow
S
CVE-2022-1069 Softing Secure Integration Server Out-of-bounds Read
S
CVE-2022-1070 CHANNEL ACCESSIBLE BY NON-ENDPOINT CWE-300
CVE-2022-1071 Use after free in mrb_vm_exec in mruby/mruby
E S
CVE-2022-1072 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26254. Reason: This candidat...
R
CVE-2022-1073 Automatic Question Paper Generator password recovery
CVE-2022-1074 TEM FLEX-1085 injection
CVE-2022-1075 College Website Management System Contact cross site scripting
CVE-2022-1076 Automatic Question Paper Generator System My Account Page login.php cross site scripting
CVE-2022-1077 TEM FLEX-1080/FLEX-1085 Log information disclosure
CVE-2022-1078 SourceCodester College Website Management System sql injection
CVE-2022-1079 SourceCodester One Church Management System churchprofile.php cross site scripting
CVE-2022-1080 SourceCodester One Church Management System attendancy.php sql injection
CVE-2022-1081 SourceCodester Microfinance Management System addcustomerHandler.php cross site scripting
CVE-2022-1082 SourceCodester Microfinance Management System Login Page login.php sql injection
CVE-2022-1083 Microfinance Management System sql injection
CVE-2022-1084 SourceCodester One Church Management System Session userregister.php improper authentication
CVE-2022-1085 CLTPHP POST Parameter cross site scripting
CVE-2022-1086 DolphinPHP User Management Page cross site scripting
E
CVE-2022-1087 htmly Edit Profile Module cross site scripting
E
CVE-2022-1088 Page Security & Membership <= 1.5.15 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1089 Bulk Edit and Create User Profiles < 1.5.14 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1090 Good & Bad Comments <= 1.0.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1091 Safe SVG < 1.9.10 - SVG Sanitisation Bypass
E S
CVE-2022-1092 myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure
E
CVE-2022-1093 WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs
E
CVE-2022-1094 Amr Users < 4.59.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1095 Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1096 Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially...
KEV
CVE-2022-1097 NSSToken objects were referenced via direct points, and could have been accessed in an ...
E S
CVE-2022-1098 Delta Electronics DIAEnergie Uncontrolled Search Path Element
S
CVE-2022-1099 Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7....
CVE-2022-1100 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior ...
CVE-2022-1101 SourceCodester Royale Event Management System userregister.php improper authentication
CVE-2022-1102 SourceCodester Royale Event Management System companyprofile.php cross site scripting
CVE-2022-1103 Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload
E
CVE-2022-1104 Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1105 An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to ...
CVE-2022-1106 use after free in mrb_vm_exec in mruby/mruby
E S
CVE-2022-1107 During an internal product security audit a potential vulnerability due to use of Boot Services in t...
S
CVE-2022-1108 A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInte...
S
CVE-2022-1109 An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow d...
S
CVE-2022-1110 A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow...
S
CVE-2022-1111 A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior t...
CVE-2022-1112 Autolinks <= 1.0.1 - Stored Cross-Site Scripting via CSRF
E
CVE-2022-1113 Flower Delivery by Florist One <= 3.7 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1114 A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. Th...
CVE-2022-1115 A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private....
E S
CVE-2022-1116 Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to ca...
E S
CVE-2022-1117 A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc n...
S
CVE-2022-1118 Rockwell Automation ISaGRAF Deserialization of Untrusted Data
CVE-2022-1119 The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parame...
E S
CVE-2022-1120 Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 p...
CVE-2022-1121 A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7...
CVE-2022-1122 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input di...
CVE-2022-1123 Leaflet Maps Marker < 3.12.5 - Admin+ SQLi
E
CVE-2022-1124 An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to ...
CVE-2022-1125 Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who conv...
E S
CVE-2022-1127 Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacke...
E S
CVE-2022-1128 Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 all...
E S
CVE-2022-1129 Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 ...
E S
CVE-2022-1130 Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 ...
E S
CVE-2022-1131 Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to poten...
E S
CVE-2022-1132 Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.6...
E S
CVE-2022-1133 Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to p...
E S
CVE-2022-1134 Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentiall...
E S
CVE-2022-1135 Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to...
E S
CVE-2022-1136 Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convince...
E S
CVE-2022-1137 Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attack...
E S
CVE-2022-1138 Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote ...
E S
CVE-2022-1139 Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed...
E S
CVE-2022-1141 Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who...
E S
CVE-2022-1142 Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who ...
CVE-2022-1143 Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who ...
CVE-2022-1144 Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convin...
CVE-2022-1145 Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinc...
E S
CVE-2022-1146 Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a re...
E S
CVE-2022-1148 Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 p...
CVE-2022-1152 Menubar < 5.8 - Reflected Cross-Site Scripting
E
CVE-2022-1153 LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1154 Use after free in utf_ptr2char in vim/vim
E S
CVE-2022-1155 Old sessions are not blocked by the login enable function. in snipe/snipe-it
E S
CVE-2022-1156 Books & Papers <= 0.20210223 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1157 Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14....
CVE-2022-1158 A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as t...
E
CVE-2022-1159 Rockwell Automation Studio 5000 Logix Designer Code Injection
M
CVE-2022-1160 heap buffer overflow in get_one_sourceline in vim/vim
E S
CVE-2022-1161 ICSA-22-090-05 Rockwell Automation Logix Controllers
S
CVE-2022-1162 A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, S...
CVE-2022-1163 Cross-site Scripting (XSS) - Stored in mineweb/minewebcms
E S
CVE-2022-1164 Wyzi < 2.4.3 - Reflected Cross-Site Scripting (XSS)
E
CVE-2022-1165 Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing
E S
CVE-2022-1166 JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
E
CVE-2022-1167 CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting
E
CVE-2022-1168 JobSearch < 1.5.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2022-1169 Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
E
CVE-2022-1170 JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting
E
CVE-2022-1171 Vertical scroll recent post < 14.0 - Reflected Cross-Site Scripting
E
CVE-2022-1172 Null Pointer Dereference Caused Segmentation Fault in gpac/gpac
E S
CVE-2022-1173 stored xss in getgrav/grav
E S
CVE-2022-1174 A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versio...
CVE-2022-1175 Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions star...
CVE-2022-1176 Loose comparison causes IDOR on multiple endpoints in livehelperchat/livehelperchat
E S
CVE-2022-1177 Accounting User Can Download Patient Reports in openemr in openemr/openemr
E S
CVE-2022-1178 Stored Cross Site Scripting in openemr/openemr
E S
CVE-2022-1179 Non-Privileged User Can Create New Rule and Lead to Stored Cross Site Scripting in openemr/openemr
E S
CVE-2022-1180 Reflected Cross Site Scripting in openemr/openemr
E S
CVE-2022-1181 Stored Cross Site Scripting in openemr/openemr
E S
CVE-2022-1182 Visual Slide Box Builder <= 3.2.9 - Subscriber+ SQLi
E
CVE-2022-1183 Destroying a TLS session early causes assertion failure
S
CVE-2022-1184 A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesyste...
S
CVE-2022-1185 A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 1...
CVE-2022-1186 The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consi...
S
CVE-2022-1187 The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data f...
S
CVE-2022-1188 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7...
CVE-2022-1189 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7...
CVE-2022-1190 Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, ...
CVE-2022-1191 SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat
E S
CVE-2022-1192 Turn off all comments <= 1.0 - Reflected Cross-Site Scripting
E
CVE-2022-1193 Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14....
E
CVE-2022-1194 Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
E
CVE-2022-1195 A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allo...
S
CVE-2022-1196 After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use...
E
CVE-2022-1197 When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did...
CVE-2022-1198 A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of linux that allows...
E S
CVE-2022-1199 A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simu...
S
CVE-2022-1201 NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby
E S
CVE-2022-1202 WP-CRM <= 1.2.1 - CSV Injection
E
CVE-2022-1203 Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update
E
CVE-2022-1204 A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in ...
E S
CVE-2022-1205 A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functio...
E S
CVE-2022-1206 AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload
CVE-2022-1207 Out-of-bounds read in radareorg/radare2
E S
CVE-2022-1208 The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biogra...
E S
CVE-2022-1209 The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient va...
E
CVE-2022-1210 LibTIFF tiff2ps resource consumption
E
CVE-2022-1211 tildearrow Furnace FUR to VGM Converter stack-based overflow
E S
CVE-2022-1212 Use-After-Free in str_escape in mruby/mruby
E S
CVE-2022-1213 SSRF filter bypass port 80, 433 in livehelperchat/livehelperchat
E S
CVE-2022-1214 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco...
R
CVE-2022-1215 A format string vulnerability was found in libinput...
CVE-2022-1216 Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting
E
CVE-2022-1217 Custom TinyMCE Shortcode Button <= 1.1 - Reflected Cross-Site Scripting
E
CVE-2022-1218 Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting
E
CVE-2022-1219 SQL injection in RecyclebinController.php in pimcore/pimcore
E S
CVE-2022-1220 FoxyShop < 4.8.2 - Reflected Cross-Site Scripting
E
CVE-2022-1221 Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting
E
CVE-2022-1222 Inf loop in gpac/gpac
E S
CVE-2022-1223 Incorrect Authorization in phpipam/phpipam
E S
CVE-2022-1224 Improper Authorization in phpipam/phpipam
E S
CVE-2022-1225 Incorrect Privilege Assignment in phpipam/phpipam
E S
CVE-2022-1226 Cross-site Scripting (XSS) in phpipam/phpipam
E S
CVE-2022-1227 A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious...
E
CVE-2022-1228 Opensea < 1.0.3 - Admin+ Stored XSS
E
CVE-2022-1229 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be...
CVE-2022-1230 This vulnerability allows local attackers to execute arbitrary code on affected installations of Sam...
CVE-2022-1231 XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml
E S
CVE-2022-1232 Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentiall...
E S
CVE-2022-1233 URL Confusion When Scheme Not Supplied in medialize/uri.js
E S
CVE-2022-1234 XSS in livehelperchat in livehelperchat/livehelperchat
E S
CVE-2022-1235 Weak secrethash can be brute-forced in livehelperchat/livehelperchat
E S
CVE-2022-1236 Weak Password Requirements in weseek/growi
S
CVE-2022-1237 Improper Validation of Array Index in radareorg/radare2
E S
CVE-2022-1238 Out-of-bounds Write in libr/bin/format/ne/ne.c in radareorg/radare2
E S
CVE-2022-1239 HubSpot < 8.8.15 - Contributor+ Blind SSRF
E
CVE-2022-1240 Heap buffer overflow in libr/bin/format/mach0/mach0.c in radareorg/radare2
E S
CVE-2022-1241 Ask Me < 6.8.2 - Reflected Cross-Site Scripting
E
CVE-2022-1242 Apport can be tricked into connecting to arbitrary sockets as the root user...
CVE-2022-1243 CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js
E S
CVE-2022-1244 heap-buffer-overflow in radareorg/radare2
E S
CVE-2022-1245 A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorizati...
CVE-2022-1246 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-1280. Reason: This candidate...
R
CVE-2022-1247 An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver use...
E
CVE-2022-1248 SAP Information System POST Request add_admin.php improper authentication
E
CVE-2022-1249 A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c...
S
CVE-2022-1250 LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
E
CVE-2022-1251 Ask Me < 6.8.4 - CSRF in Edit Profile
E
CVE-2022-1252 Use of a Broken or Risky Cryptographic Algorithm in gnuboard/gnuboard5
E
CVE-2022-1253 Heap-based Buffer Overflow in strukturag/libde265
E S
CVE-2022-1254 SWG URL redirection vulnerability
CVE-2022-1255 Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1256 Improper Privilege Management in McAfee Agent for Windows
CVE-2022-1257 Improper Verification of Cryptographic Signature by McAfee Agent
CVE-2022-1258 SQL injection vulnerability in McAfee Agent's ePO extension
CVE-2022-1259 A flaw was found in Undertow. A potential security issue in flow control handling by the browser ove...
CVE-2022-1260 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-1261 Matrikon OPC Server Improper Access Control
S
CVE-2022-1262 A command injection vulnerability in the protest binary allows an attacker with access to the remote...
E
CVE-2022-1263 A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enab...
E S
CVE-2022-1264 Inductive Automation Ignition
S
CVE-2022-1265 BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1266 Post Grid, Slider & Carousel Ultimate < 1.5.0 - Admin+ Stored XSS
E
CVE-2022-1267 BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting
E
CVE-2022-1268 Donate Extra <= 2.02 - Reflected Cross-Site Scripting
E
CVE-2022-1269 Fast Flow < 1.2.12 - Reflected Cross-Site Scripting
E
CVE-2022-1270 In GraphicsMagick, a heap buffer overflow was found when parsing MIFF....
E
CVE-2022-1271 An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied o...
S
CVE-2022-1273 Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE
E
CVE-2022-1274 A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML...
CVE-2022-1275 BannerMan <= 0.2.4 - Multiple Admin+ Stored Cross-Site Scripting
E
CVE-2022-1276 Out-of-bounds Read in mrb_get_args in mruby/mruby
E S
CVE-2022-1277 SQL Injection in Inavitas Solar Log
S
CVE-2022-1278 A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other da...
CVE-2022-1279 Insecure EBICS messages encryption implementation in ebics-java/ebics-java-client could allow an adjacent attacker to decrypt EBICS payloads
S
CVE-2022-1280 A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Lin...
CVE-2022-1281 Photo Gallery < 1.6.3 - Unauthenticated SQL Injection
E S
CVE-2022-1282 Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting
E S
CVE-2022-1283 NULL Pointer Dereference in r_bin_ne_get_entrypoints function in radareorg/radare2
E S
CVE-2022-1284 heap-use-after-free in radareorg/radare2
E S
CVE-2022-1285 Server-Side Request Forgery (SSRF) in gogs/gogs
E S
CVE-2022-1286 heap-buffer-overflow in mrb_vm_exec in mruby/mruby
E S
CVE-2022-1287 School Club Application System resource injection
CVE-2022-1288 School Club Application System cross site scripting
CVE-2022-1289 tildearrow Furnace Incomplete Fix CVE-2022-1211 denial of service
E S
CVE-2022-1290 Stored XSS in "Name", "Group Name" & "Title" in polonel/trudesk
E S
CVE-2022-1291 XSS vulnerability with default `onCellHtmlData` function in hhurz/tableexport.jquery.plugin
E S
CVE-2022-1292 The c_rehash script allows command injection
CVE-2022-1293 XSS vulnerability in Citadel
S
CVE-2022-1294 IMDB info box <= 2.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1295 Prototype Pollution in alvarotrigo/fullpage.js
E S
CVE-2022-1296 Out-of-bounds read in `r_bin_ne_get_relocs` function in radareorg/radare2
E S
CVE-2022-1297 Out-of-bounds Read in r_bin_ne_get_entrypoints function in radareorg/radare2
E S
CVE-2022-1298 Tabs Responsive < 2.2.8 - Editor+ Stored Cross-Site Scripting
E
CVE-2022-1299 Slideshow <= 2.3.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1300 Missing authentication in TRUMPF products may result in corruption of data
S
CVE-2022-1301 WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting
E
CVE-2022-1302 Malformed Goose Message in LibIEC61850 may result in a denial of service
CVE-2022-1303 Slide Anything < 2.3.44 - Editor+ Stored Cross-Site Scripting
E
CVE-2022-1304 An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segme...
CVE-2022-1305 Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to poten...
E
CVE-2022-1306 Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote...
E S
CVE-2022-1307 Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allow...
E S
CVE-2022-1308 Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to poten...
E S
CVE-2022-1309 Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a...
E S
CVE-2022-1310 Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attac...
E S
CVE-2022-1311 Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacke...
E S
CVE-2022-1312 Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced ...
E S
CVE-2022-1313 Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to po...
E S
CVE-2022-1314 Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentiall...
E S
CVE-2022-1316 Incorrect Permission Assignment for Critical Resource in zerotier/zerotierone
E S
CVE-2022-1318 Hills ComNav Inadequate Encryption Strength
S
CVE-2022-1319 A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response pack...
S
CVE-2022-1320 Sliderby10Web < 1.2.52 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1321 miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1322 Coming Soon - Under Construction <= 1.1.9 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1323 Discy < 5.0 - Subscriber+ Broken Access Control to change settings
E
CVE-2022-1324 Event Timeline <= 1.1.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1325 A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modi...
E S
CVE-2022-1326 Form - Contact Form <= 1.2.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1327 Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1328 Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allow...
E S
CVE-2022-1329 Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution
E S
CVE-2022-1330 stored xss due to unsanitized anchor url in alvarotrigo/fullpage.js
E S
CVE-2022-1331 Delta Electronics DMARS Improper Restriction of XML External Entity Reference
CVE-2022-1332 Restricted custom admin role can bypass the restrictions and view the server logs and server config.json file contents
S
CVE-2022-1333 A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service
S
CVE-2022-1334 WP YouTube Live < 1.8.3 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1335 Slideshow CK < 1.4.10 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1336 Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1337 OOM DoS in Mattermost image proxy
S
CVE-2022-1338 Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1339 SQL injection in ElementController.php in pimcore/pimcore
E S
CVE-2022-1340 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
E S
CVE-2022-1341 An issue was discovered in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() f...
E S
CVE-2022-1342 A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attacke...
CVE-2022-1343 OCSP_basic_verify may incorrectly verify the response signing certificate
CVE-2022-1344 Stored XSS due to no sanitization in the filename in causefx/organizr
E S
CVE-2022-1345 Stored XSS via .svg file upload in causefx/organizr
E S
CVE-2022-1346 Multiple Stored XSS in causefx/organizr
E S
CVE-2022-1347 Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
E S
CVE-2022-1348 A vulnerability was found in logrotate in how the state file is created. The state file is used to p...
S
CVE-2022-1349 WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR
E
CVE-2022-1350 GhostPCL gsmchunk.c chunk_free_object memory corruption
CVE-2022-1351 Stored XSS in Tooltip in pimcore/pimcore
E S
CVE-2022-1352 Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from...
CVE-2022-1353 A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Th...
S
CVE-2022-1354 A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. ...
E S
CVE-2022-1355 A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an...
E S
CVE-2022-1356 Cambium Networks cnMaestro use of Potentially Dangerous Function
S
CVE-2022-1357 Cambium Networks cnMaestro OS Command Injection
S
CVE-2022-1358 Cambium Networks cnMaestro SQL Injection
S
CVE-2022-1359 Cambium Networks cnMaestro Path Traversal
S
CVE-2022-1360 Cambium Networks cnMaestro OS Command Injection
S
CVE-2022-1361 Cambium Networks cnMaestro SQL Injection
S
CVE-2022-1362 Cambium Networks cnMaestro OS Command Injection
S
CVE-2022-1364 Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to ...
KEV E S
CVE-2022-1365 Exposure of Private Personal Information to an Unauthorized Actor in lquixada/cross-fetch
E S
CVE-2022-1366 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1367 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1368 Cognex 3D-A1000 Dimensioning System Missing Authentication for Critical Function
CVE-2022-1369 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1370 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1371 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1372 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1373 Softing Secure Integration Server Relative Path Traversal
S
CVE-2022-1374 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1375 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1376 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1377 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1378 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerabil...
S
CVE-2022-1379 URL Restriction Bypass in plantuml/plantuml
E S
CVE-2022-1380 Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it
E S
CVE-2022-1381 global heap buffer overflow in skip_range in vim/vim
E S
CVE-2022-1382 NULL Pointer Dereference in radareorg/radare2
E S
CVE-2022-1383 Heap-based Buffer Overflow in radareorg/radare2
E S
CVE-2022-1384 Authorized users are allowed to install old plugin versions from the Marketplace
S
CVE-2022-1385 Invitation Email is resent as a Reminder after invalidating pending email invites
E S
CVE-2022-1386 Fusion Builder < 3.6.2 - Unauthenticated SSRF
E S
CVE-2022-1387 No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1388 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p...
KEV E M
CVE-2022-1389 On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0)...
CVE-2022-1390 Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read
E
CVE-2022-1391 Cab fare calculator < 1.0.4 - Unauthenticated LFI
E
CVE-2022-1392 Videos sync PDF <= 1.7.4 - Unauthenticated LFI
E
CVE-2022-1393 WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting
E
CVE-2022-1394 Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1395 Easy FAQ with Expanding Text <= 3.2.8.3.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1396 Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1397 API Privilege Escalation in alextselegidis/easyappointments
E S
CVE-2022-1398 External Media without Import <= 1.1.2 - Subscriber+ Blind SSRF
E
CVE-2022-1399 Remote code execution in scheduled tasks component
S
CVE-2022-1400 Hardcoded encryption key IV in Exago WebReportsApi.dll
S
CVE-2022-1401 Insufficient validation of provided paths in Exago WrImageResource.axd
S
CVE-2022-1402 Delta Electronics ASDA-Soft Out-of-bounds Read
CVE-2022-1403 Delta Electronics ASDA-Soft Out-of-bounds Write
CVE-2022-1404 Delta Electronics CNCSoft Out-of-bounds Read
S
CVE-2022-1405 Delta Electronics CNCSoft Stack-based Buffer Overflow
S
CVE-2022-1406 Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all vers...
CVE-2022-1407 VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF
E
CVE-2022-1408 VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1409 VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload
E
CVE-2022-1410 Remote Code Execution in Device42 ApplianceManager console
S
CVE-2022-1411 Unrestricted file upload in yetiforcecompany/yetiforcecrm
E S
CVE-2022-1412 Log WP_Mail <= 0.1 - Email Logs Publicly Accessible
E
CVE-2022-1413 Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all ...
CVE-2022-1414 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An a...
CVE-2022-1415 Drools: unsafe data deserialization in streamutils
CVE-2022-1416 Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions start...
E
CVE-2022-1417 Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all...
CVE-2022-1418 Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF
E
CVE-2022-1419 The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refc...
CVE-2022-1420 Use of Out-of-range Pointer Offset in vim/vim
E S
CVE-2022-1421 Discy < 5.2 - Settings Update via CSRF
E
CVE-2022-1422 Discy < 5.2 - Restore Default Settings via CSRF
E
CVE-2022-1423 Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting...
CVE-2022-1424 Ask Me < 6.8.2 - Multiple CSRF in AJAX Actions
E
CVE-2022-1425 WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR
E
CVE-2022-1426 An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all ...
CVE-2022-1427 Out-of-bounds Read in mrb_obj_is_kind_of in mruby/mruby
E S
CVE-2022-1428 An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting f...
CVE-2022-1429 SQL injection in GridHelperService.php in pimcore/pimcore
E S
CVE-2022-1430 Cross-site Scripting (XSS) - DOM in octoprint/octoprint
E S
CVE-2022-1431 An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all...
CVE-2022-1432 Cross-site Scripting (XSS) - Generic in octoprint/octoprint
E S
CVE-2022-1433 An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all ...
CVE-2022-1434 Incorrect MAC key used in the RC4-MD5 ciphersuite
CVE-2022-1435 WPCargo Track & Trace < 6.9.5 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1436 WPCargo Track & Trace < 6.9.5 - Reflected Cross Site Scripting
E
CVE-2022-1437 Heap-based Buffer Overflow in radareorg/radare2
E S
CVE-2022-1438 Keycloak: xss on impersonation under specific circumstances
CVE-2022-1439 Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber
E S
CVE-2022-1440 Command Injection vulnerability in git-interface@2.1.1 in yarkeev/git-interface
E S
CVE-2022-1441 MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When ...
E S
CVE-2022-1442 The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper acces...
E S
CVE-2022-1443 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1789. Reason: T...
R
CVE-2022-1444 heap-use-after-free in radareorg/radare2
E S
CVE-2022-1445 Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it
E S
CVE-2022-1451 Out-of-bounds Read in r_bin_java_constant_value_attr_new function in radareorg/radare2
E S
CVE-2022-1452 Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in radareorg/radare2
E S
CVE-2022-1453 The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL...
S
CVE-2022-1455 Call Now Button < 1.1.2 - Reflected Cross-Site Scripting
E
CVE-2022-1456 Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1457 Store XSS in title parameter executing at EditUser Page & EditProducto page in neorazorx/facturascripts
E S
CVE-2022-1458 Stored XSS Leads To Session Hijacking in openemr/openemr
E S
CVE-2022-1459 Non-Privilege User Can View Patient’s Disclosures in openemr/openemr
E S
CVE-2022-1460 An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all v...
CVE-2022-1461 Non Privilege User can Enable or Disable Registered in openemr/openemr
E S
CVE-2022-1462 An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in h...
E
CVE-2022-1463 Booking Calendar <= 9.1 - PHP Object Injection via Shortcode
E S
CVE-2022-1464 Stored xss bug in gogs/gogs
E S
CVE-2022-1465 WPC Smart Wishlist for WooCommerce < 2.9.9 - Reflected Cross-Site Scripting
E
CVE-2022-1466 Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that...
E
CVE-2022-1467 AVEVA InTouch Access Anywhere Exposure of Resource to Wrong Sphere
M
CVE-2022-1468 On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authe...
CVE-2022-1469 FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1470 Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting
E
CVE-2022-1471 Remote Code execution in SnakeYAML
E
CVE-2022-1472 Better Find and Replace < 1.3.6 - Admin+ SQLi
E
CVE-2022-1473 Resource leakage when decoding certificates and keys
CVE-2022-1474 WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting
E
CVE-2022-1475 An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729...
E S
CVE-2022-1476 The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via direct...
S
CVE-2022-1477 Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potent...
E S
CVE-2022-1478 Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to p...
E S
CVE-2022-1479 Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potenti...
E S
CVE-2022-1480 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-1481 Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker w...
E S
CVE-2022-1482 Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attac...
E S
CVE-2022-1483 Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who...
E S
CVE-2022-1484 Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote att...
E S
CVE-2022-1485 Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker ...
E S
CVE-2022-1486 Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain pot...
E S
CVE-2022-1487 Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potenti...
E S
CVE-2022-1488 Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an at...
E S
CVE-2022-1489 Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41...
E S
CVE-2022-1490 Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker...
E S
CVE-2022-1491 Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to pot...
E S
CVE-2022-1492 Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remo...
E S
CVE-2022-1493 Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to pot...
E S
CVE-2022-1494 Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remo...
E S
CVE-2022-1495 Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remo...
E S
CVE-2022-1496 Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to ...
E S
CVE-2022-1497 Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attac...
E S
CVE-2022-1498 Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote...
E S
CVE-2022-1499 Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a ...
E S
CVE-2022-1500 Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote a...
CVE-2022-1501 Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote atta...
E S
CVE-2022-1502 Permissions were not properly verified in the API on projects using version control in Git. This all...
S
CVE-2022-1503 GetSimple CMS Content Module edit.php cross site scripting
E
CVE-2022-1504 XSS in /demo/module/?module=HERE in microweber/microweber
E S
CVE-2022-1505 The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL...
S
CVE-2022-1506 WP Born Babies <= 1.0 - Contributor+ Stored Cross-Site Scripting
E
CVE-2022-1507 chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in hpjansson/chafa
E S
CVE-2022-1508 An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user trigger...
S
CVE-2022-1509 Command Injection Vulnerability in hestiacp/hestiacp
E S
CVE-2022-1510 An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all ...
CVE-2022-1511 Missing Authorization in snipe/snipe-it
E S
CVE-2022-1512 ScrollReveal.js Effects <= 1.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1513 A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may all...
S
CVE-2022-1514 Stored XSS via upload plugin functionality in zip format in neorazorx/facturascripts
E S
CVE-2022-1515 A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a c...
E S
CVE-2022-1516 A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network pro...
S
CVE-2022-1517 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
CVE-2022-1518 3.2.2 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
CVE-2022-1519 LRM does not restrict the types of files that can be uploaded to the affected product. A malicious a...
CVE-2022-1520 When viewing an email message A, which contains an attached message B, where B is encrypted or digit...
CVE-2022-1521 3.2.4 IMPROPER ACCESS CONTROL CWE-284
CVE-2022-1522 Cognex 3D-A1000 Dimensioning System Improper Output Neutralization for Logs
CVE-2022-1523 Fuji Electric D300win Write-what-where condition
S
CVE-2022-1524 3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
CVE-2022-1525 Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security
CVE-2022-1526 Emlog Pro POST Parameter cross site scripting
CVE-2022-1527 WP 2FA < 2.2.1 - Reflected Cross-Site Scripting
E
CVE-2022-1528 VikBooking < 1.5.9 - Reflected Cross-Site Scripting
E
CVE-2022-1529 An attacker could have sent a message to the parent process where the contents were used to double-i...
CVE-2022-1530 Cross-site Scripting (XSS) in livehelperchat/livehelperchat
E S
CVE-2022-1531 SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in rtxteam/rtx
E S
CVE-2022-1532 Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting
E
CVE-2022-1533 Buffer Over-read in bfabiszewski/libmobi
E S
CVE-2022-1534 Buffer Over-read at parse_rawml.c:1416 in bfabiszewski/libmobi
E S
CVE-2022-1536 automad Dashboard cross site scripting
CVE-2022-1537 file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in gruntjs/grunt
E S
CVE-2022-1538 Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
E
CVE-2022-1539 Exports and Reports < 0.9.2 - Contributor+ CSV Injection
E
CVE-2022-1540 PostmagThemes Demo <= 1.0.7 - Admin+ Arbitrary File Upload
E
CVE-2022-1541 Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1542 HPB Dashboard <= 1.3.1 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1543 Improper handling of Length parameter in erudika/scoold
E S
CVE-2022-1544 Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in luyadev/yii-helpers
E S
CVE-2022-1545 It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affect...
CVE-2022-1546 WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting
E
CVE-2022-1547 Check & Log email < 1.0.6 - Reflected Cross-Site Scripting
E
CVE-2022-1548 Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
S
CVE-2022-1549 WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting
E
CVE-2022-1550 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-1551 SP Project & Document Manager < 4.58 - Sensitive File Disclosure
E
CVE-2022-1552 A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a p...
S
CVE-2022-1553 Leaking password protected articles content due to improper access control in publify/publify
E S
CVE-2022-1554 Path Traversal due to `send_file` call in clinical-genomics/scout
E S
CVE-2022-1555 DOM XSS in microweber ver 1.2.15 in microweber/microweber
E S
CVE-2022-1556 StaffList < 3.1.5 - Admin+ SQLi
E
CVE-2022-1557 ULeak Security & Monitoring <= 1.2.3 - Subscriber+ Stored Cross-Site Scripting
E
CVE-2022-1558 Curtain <= 1.0.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1559 Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1560 Amministrazione Aperta < 3.8 - Admin+ LFI
E
CVE-2022-1561 Crafted backend URLs in Lura Project
S
CVE-2022-1562 Enable SVG < 1.4.0 - Author+ Stored Cross Site Scripting via SVG
E
CVE-2022-1563 WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure
E
CVE-2022-1564 Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1565 The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation...
S
CVE-2022-1566 Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1567 The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, tha...
CVE-2022-1568 Team Members < 5.1.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1569 WordPress Forms by Pie Forms < 1.4.9.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1570 Files Download Delay < 1.0.7 - Subscriber+ Settings Reset
E
CVE-2022-1571 Cross-site scripting - Reflected in Create Subaccount in neorazorx/facturascripts
E S
CVE-2022-1572 HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion
E
CVE-2022-1573 HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF
E
CVE-2022-1574 HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload
E
CVE-2022-1575 Arbitrary Code Execution through Sanitizer Bypass in jgraph/drawio
E S
CVE-2022-1576 WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF
E
CVE-2022-1577 Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF
E
CVE-2022-1578 My wpdb < 2.5 - Arbitrary SQL Query via CSRF
E
CVE-2022-1579 Login Block IPs <= 1.0.0 - IP Spoofing Bypass
E
CVE-2022-1580 Site Offline < 1.5.3 - Access Bypass
E
CVE-2022-1581 WP-Polls < 2.76.0 - IP Validation Bypass
E
CVE-2022-1582 External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2022-1583 External Links in New Window / New Tab < 1.43 - Tabnabbing
E
CVE-2022-1584 Reflected XSS in microweber/microweber
E S
CVE-2022-1585 Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download
E
CVE-2022-1586 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchi...
S
CVE-2022-1587 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_leng...
S
CVE-2022-1588 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco...
R
CVE-2022-1589 Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update
E
CVE-2022-1590 Bludit New Content Module new-content cross site scripting
E
CVE-2022-1591 WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF
E S
CVE-2022-1592 Server-Side Request Forgery in scout in clinical-genomics/scout
E S
CVE-2022-1593 Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF
E
CVE-2022-1594 HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF
E
CVE-2022-1595 HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure
E
CVE-2022-1596 ABB Relion REX640 Insufficient file access control
M
CVE-2022-1597 WPQA < 5.4 - Reflected Cross-Site Scripting
E
CVE-2022-1598 WPQA < 5.5 - Unauthenticated Private Message Disclosure
E
CVE-2022-1599 Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF
E
CVE-2022-1600 YOP Poll < 6.4.3 - IP Spoofing
E
CVE-2022-1601 User Access Manager < 2.2.18 - IP Spoofing
E
CVE-2022-1602 A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The s...
CVE-2022-1603 Mail Subscribe List < 2.1.4 - Arbitrary Subscribed User Deletion via CSRF
E
CVE-2022-1604 MailerLite < 1.5.4 - Reflected Cross-Site Scripting
E
CVE-2022-1605 Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF
E
CVE-2022-1606 Incorrect privilege assignment in M-Files Server
S
CVE-2022-1607 Cross Site Scripting vulnerability in NE843 Pulsar Plus Controller
M
CVE-2022-1608 OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF
E
CVE-2022-1609 The School Management < 9.9.7 - Unauthenticated RCE via REST api
E
CVE-2022-1610 Seamless Donations < 5.1.9 - Arbitrary Settings Update via CSRF
E
CVE-2022-1611 Bulk Page Creator < 1.1.4 - Arbitrary Page Creation via CSRF
E
CVE-2022-1612 Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF
E
CVE-2022-1613 Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing
E S
CVE-2022-1614 WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing
E
CVE-2022-1615 In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values....
E S
CVE-2022-1616 Use after free in append_command in vim/vim
E S
CVE-2022-1617 WP-Invoice <= 4.3.1 - Stored Cross-Site Scripting via CSRF
E
CVE-2022-1618 Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
E
CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim
E S
CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim
E S
CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in vim/vim
E S
CVE-2022-1622 LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing atta...
E S
CVE-2022-1623 LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing atta...
E S
CVE-2022-1624 Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF
E
CVE-2022-1625 New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF
E
CVE-2022-1626 Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-1627 My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF
E
CVE-2022-1628 Simple SEO <= 1.7.91 - Authenticated (Contributor+) Stored Cross-Site Scripting
S
CVE-2022-1629 Buffer Over-read in function find_next_quote in vim/vim
E S
CVE-2022-1630 WP-Email < 2.69.0 - Log Deletion via CSRF
E
CVE-2022-1631 Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber
E S
CVE-2022-1632 An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinatio...
CVE-2022-1633 Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote a...
CVE-2022-1634 Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who h...
CVE-2022-1635 Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attack...
CVE-2022-1636 Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker...
CVE-2022-1637 Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remot...
CVE-2022-1638 Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a re...
CVE-2022-1639 Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potenti...
CVE-2022-1640 Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who conv...
CVE-2022-1641 Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a ...
E S
CVE-2022-1642 A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a po...
CVE-2022-1643 Birthdays Widget <= 1.7.18 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1644 Call&Book Mobile Bar <= 1.2.2 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1645 Amazon Link <= 3.2.10 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1646 Simple Real Estate Pack <= 1.4.8 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1647 FormCraft Basic < 1.2.6 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1648 Relative Path Traversal to Remote Code Execution in File Manager
S
CVE-2022-1649 Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2
E S
CVE-2022-1650 Improper Removal of Sensitive Information Before Storage or Transfer in eventsource/eventsource
E S
CVE-2022-1651 A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c fu...
S
CVE-2022-1652 Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concu...
CVE-2022-1653 Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
E
CVE-2022-1654 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation
E
CVE-2022-1655 An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenSt...
CVE-2022-1656 JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification
CVE-2022-1657 JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion
E
CVE-2022-1658 Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion
E
CVE-2022-1659 JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service
E
CVE-2022-1660 Keysight N6854A Geolocation server and N6841A RF Sensor software
S
CVE-2022-1661 Keysight N6854A Geolocation server and N6841A RF Sensor software
S
CVE-2022-1662 In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red...
S
CVE-2022-1663 Stop Spam Comments <= 0.2.1.2 - Access Token Bypass
E
CVE-2022-1664 directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar
S
CVE-2022-1665 A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can b...
CVE-2022-1666 Secheron SEPCOS Control and Protection Relay
S
CVE-2022-1667 Secheron SEPCOS Control and Protection Relay
S
CVE-2022-1668 Secheron SEPCOS Control and Protection Relay
S
CVE-2022-1669 Circutor COMPACT DC-S BASIC
M
CVE-2022-1670 When generating a user invitation code in Octopus Server, the validity of this code can be set for a...
CVE-2022-1671 A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux...
S
CVE-2022-1672 Insights from Google PageSpeed < 4.0.7 - Multiple CSRF
E
CVE-2022-1673 WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page
E
CVE-2022-1674 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in vim/vim
E S
CVE-2022-1676 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-1677 In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payl...
S
CVE-2022-1678 An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference ...
S
CVE-2022-1679 A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a u...
S
CVE-2022-1680 An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.1...
CVE-2022-1681 Authentication Bypass Using an Alternate Path or Channel in requarks/wiki
E S
CVE-2022-1682 Reflected Xss using url based payload in neorazorx/facturascripts
E S
CVE-2022-1683 amtyThumb <= 4.2.0 - Subscriber+ SQLi
E
CVE-2022-1684 Cube Slider <= 1.2 - Admin+ SQLi
E
CVE-2022-1685 Five Minute Webshop <= 1.3.2 - Admin+ SQLi via orderby
E
CVE-2022-1686 Five Minute Webshop <= 1.3.2 - Admin+ SQLi via id
E
CVE-2022-1687 Logo Slider <= 1.4.8 - Admin+ SQLi
E
CVE-2022-1688 Note Press <= 0.1.10 - Admin+ SQLi via id
E
CVE-2022-1689 Note Press <= 0.1.10 - Admin+ SQLi via Update
E
CVE-2022-1690 Note Press <= 0.1.10 - Admin+ SQLi via Bulk Actions
E
CVE-2022-1691 Realty Workstation < 1.0.15 - Agent SQLi
E
CVE-2022-1692 CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQLi
E
CVE-2022-1694 Useful Banner Manager <= 1.6.1 - Modify banners via CSRF
E
CVE-2022-1695 WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF
E
CVE-2022-1697 Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service...
M
CVE-2022-1698 Allowing long password leads to denial of service in causefx/organizr
E S
CVE-2022-1699 Uncontrolled Resource Consumption in causefx/organizr
E S
CVE-2022-1700 Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of ...
S
CVE-2022-1701 SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-c...
CVE-2022-1702 SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled...
CVE-2022-1703 Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interf...
CVE-2022-1704 Inductive Automation Ignition
S
CVE-2022-1705 Improper sanitization of Transfer-Encoding headers in net/http
E S
CVE-2022-1706 A vulnerability was found in Ignition where ignition configs are accessible from unprivileged contai...
S
CVE-2022-1707 The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scri...
CVE-2022-1708 A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyon...
E S
CVE-2022-1709 Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF
E
CVE-2022-1710 Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1711 Server-Side Request Forgery (SSRF) in jgraph/drawio
E S
CVE-2022-1712 LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF
E
CVE-2022-1713 SSRF on /proxy in jgraph/drawio
E S
CVE-2022-1714 Out-of-bounds Read in radareorg/radare2
E S
CVE-2022-1715 Account Takeover in neorazorx/facturascripts
E S
CVE-2022-1716 Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the...
E
CVE-2022-1717 Custom Share Buttons with Floating Sidebar < 4.2 - Admin+ Stored XSS
E
CVE-2022-1718 The trudesk application allows a large number of characters to be inserted in the "Full Name" input field on the signup form, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk
E S
CVE-2022-1719 Reflected XSS on ticket filter function in polonel/trudesk
E S
CVE-2022-1720 Buffer Over-read in function grab_file_name in vim/vim
E S
CVE-2022-1721 Path Traversal in WellKnownServlet in jgraph/drawio
E S
CVE-2022-1722 SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio
E S
CVE-2022-1723 Server-Side Request Forgery (SSRF) in jgraph/drawio
E S
CVE-2022-1724 Simple Membership < 4.1.1 - Reflected Cross-Site Scripting
E
CVE-2022-1725 NULL Pointer Dereference in vim/vim
E S
CVE-2022-1726 Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in wenzhixin/bootstrap-table
E S
CVE-2022-1727 Improper Input Validation in jgraph/drawio
E S
CVE-2022-1728 Allowing long password leads to denial of service in polonel/trudesk
E S
CVE-2022-1729 A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unpriv...
S
CVE-2022-1730 Cross-site Scripting (XSS) - Stored in jgraph/drawio
E S
CVE-2022-1731 Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the...
E
CVE-2022-1732 Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF
E
CVE-2022-1733 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-1734 A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead ...
E S
CVE-2022-1735 Classic Buffer Overflow in vim/vim
E S
CVE-2022-1736 Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by defau...
CVE-2022-1737 Pyramid Solutions EtherNet/IP Adapter Development Kit Out-of-bound Write
CVE-2022-1738 Fuji Electric D300win Out-of-bounds Read
S
CVE-2022-1739 2.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347
M
CVE-2022-1740 2.2.2 MUTABLE ATTESTATION OR MEASUREMENT REPORTING DATA CWE-1283
M
CVE-2022-1741 2.2.3 HIDDEN FUNCTIONALITY CWE-912
M
CVE-2022-1742 2.2.4 IMPROPER PROTECTION OF ALTERNATE PATH CWE-424
M
CVE-2022-1743 2.2.5 PATH TRAVERSAL: '../FILEDIR' CWE-24
M
CVE-2022-1744 2.2.6 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
M
CVE-2022-1745 2.2.7 AUTHENTICATION BYPASS BY SPOOFING CWE-290
M
CVE-2022-1746 2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266
M
CVE-2022-1747 The authentication mechanism used by voters to activate a voting session on the tested version of Do...
M
CVE-2022-1748 Softing Secure Integration Server NULL Pointer Dereference
S
CVE-2022-1749 The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplug...
E
CVE-2022-1750 The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_t...
CVE-2022-1751 Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery
CVE-2022-1752 Unrestricted Upload of File with Dangerous Type in polonel/trudesk
E S
CVE-2022-1753 WoWonder Group requests.php access control
E
CVE-2022-1754 Integer Overflow or Wraparound in polonel/trudesk
E S
CVE-2022-1755 SVG Support < 2.5 - Author+ Stored Cross-Site Scripting
E S
CVE-2022-1756 Newsletter < 7.4.5 - Reflected Cross-Site Scripting
E
CVE-2022-1757 Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS
E
CVE-2022-1758 Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF
E
CVE-2022-1759 RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF
E
CVE-2022-1760 Core Control <= 1.2.1 - Arbitrary Settings Update via CSRF
E
CVE-2022-1761 Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF
E
CVE-2022-1762 iQ Block Country < 1.2.20 - Protection Bypass due to IP Spoofing
E
CVE-2022-1763 Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS
E
CVE-2022-1764 WP-chgFontSize <= 1.8 - Arbitrary Settings Update via CSRF to Stored XSS
E
CVE-2022-1765 Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF
E
CVE-2022-1766 Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software...
CVE-2022-1767 Server-Side Request Forgery (SSRF) in jgraph/drawio
E S
CVE-2022-1768 The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficien...
E
CVE-2022-1769 Buffer Over-read in vim/vim
S
CVE-2022-1770 Improper Privilege Management in polonel/trudesk
E S
CVE-2022-1771 Uncontrolled Recursion in vim/vim
E S
CVE-2022-1772 Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1773 WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting
E
CVE-2022-1774 Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio
E S
CVE-2022-1775 Weak Password Requirements in polonel/trudesk
E S
CVE-2022-1776 Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting
E
CVE-2022-1777 Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls
E
CVE-2022-1778 A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ...
S
CVE-2022-1779 Auto Delete Posts <= 1.3.0 - Arbitrary Settings Update via CSRF
E
CVE-2022-1780 LaTeX for WordPress <= 3.4.10 - Arbitrary Settings Update via CSRF to Stored XSS
E
CVE-2022-1781 postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS
E
CVE-2022-1782 Cross-site Scripting (XSS) - Generic in erudika/para
E S
CVE-2022-1783 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5...
S
CVE-2022-1784 Server-Side Request Forgery (SSRF) in jgraph/drawio
E S
CVE-2022-1785 Out-of-bounds Write in vim/vim
E S
CVE-2022-1786 A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a...
CVE-2022-1787 Sideblog <= 6.0 - Arbitrary Settings Update via CSRF to Stored XSS
E
CVE-2022-1788 Change Uploaded File Permissions <= 4.0.0 - File Permission Update via CSRF
E
CVE-2022-1789 With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INV...
CVE-2022-1790 New User Email Set Up <= 0.5.2 - Arbitrary Settings Update via CSRF
E
CVE-2022-1791 One Click Plugin Updater <= 2.4.14 - Arbitrary Settings Update via CSRF
E
CVE-2022-1792 Quick Subscribe <= 1.7.1 - Arbitrary Settings Update via CSRF to Stored XSS
E
CVE-2022-1793 Private Files <= 0.40 - Protection Disabling via CSRF
E
CVE-2022-1794 Plaintext Storage of a password in CODESYS V3 OPC DA Server
CVE-2022-1795 Use After Free in gpac/gpac
E S
CVE-2022-1796 Use After Free in vim/vim
E S
CVE-2022-1797 Rockwell Automation Logix Controllers Uncontrolled Resource Consumption
S
CVE-2022-1798 Path Traversal vulnerability in Kubevirt
E S
CVE-2022-1799 Incorrect signature verification on Google play-services-basement in Google Play SDK
CVE-2022-1800 Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection
E
CVE-2022-1801 Very Simple Contact Form < 11.6 - Captcha bypass
E
CVE-2022-1802 If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollut...
CVE-2022-1803 Improper Restriction of Rendered UI Layers or Frames in polonel/trudesk
E S
CVE-2022-1804 Accountsservice incorrectly drops privileges
CVE-2022-1805 When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not full...
S
CVE-2022-1806 Cross-site Scripting (XSS) - Reflected in rtxteam/rtx
E S
CVE-2022-1807 Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin i...
CVE-2022-1808 Execution with Unnecessary Privileges in polonel/trudesk
E S
CVE-2022-1809 Access of Uninitialized Pointer in radareorg/radare2
E S
CVE-2022-1810 Authorization Bypass Through User-Controlled Key in publify/publify
E S
CVE-2022-1811 Unrestricted Upload of File with Dangerous Type in publify/publify
E S
CVE-2022-1812 Integer Overflow or Wraparound in publify/publify
E S
CVE-2022-1813 OS Command Injection in yogeshojha/rengine
E S
CVE-2022-1814 WP Admin Style <= 0.1.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1815 Exposure of Sensitive Information to an Unauthorized Actor in jgraph/drawio
E S
CVE-2022-1816 Zoo Management System Content Module cross site scripting
CVE-2022-1817 Badminton Center Management System Userlist Module cross site scripting
CVE-2022-1818 Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-1819 Student Information System Student Roll Module cross site scripting
CVE-2022-1820 The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘...
S
CVE-2022-1821 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5...
E
CVE-2022-1822 The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via ...
S
CVE-2022-1823 McAfee MCPR privilege escalation
CVE-2022-1824 McAfee MCPR privilege escalation
CVE-2022-1825 Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence
E S
CVE-2022-1826 Cross-Linker <= 3.0.1.9 - Arbitrary Cross-Link Creation via CSRF
E
CVE-2022-1827 PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF
E
CVE-2022-1828 PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF
E
CVE-2022-1829 Inline Google Maps <= 5.11 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-1830 Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-1831 WPlite <= 1.3.1 - Arbitrary Settings Update via CSRF
E
CVE-2022-1832 CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF
E
CVE-2022-1833 A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privile...
CVE-2022-1834 When displaying the sender of an email, and the sender name contained the Braille Pattern Blank spac...
CVE-2022-1835 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2022-1836 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-33981. Reason: This candidat...
R
CVE-2022-1837 Home Clean Services Management System unrestricted upload
E
CVE-2022-1838 Home Clean Services Management System login.php sql injection
E
CVE-2022-1839 Home Clean Services Management System login.php sql injection
E
CVE-2022-1840 Home Clean Services Management System cross site scripting
CVE-2022-1841 Out-of-bound write in tcp_flags
S
CVE-2022-1842 OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-1843 MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF
E
CVE-2022-1844 WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-1845 WP Post Styling < 1.3.1 - Multiple CSRF
E
CVE-2022-1846 Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF
E
CVE-2022-1847 Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-1848 Business Logic Errors in erudika/para
E S
CVE-2022-1849 Session Fixation in filegator/filegator
E S
CVE-2022-1850 Path Traversal in filegator/filegator
E S
CVE-2022-1851 Out-of-bounds Read in vim/vim
E S
CVE-2022-1852 A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a deni...
S
CVE-2022-1853 Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to po...
CVE-2022-1854 Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potenti...
CVE-2022-1855 Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to pot...
CVE-2022-1856 Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who con...
CVE-2022-1857 Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a...
CVE-2022-1858 Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to ...
CVE-2022-1859 Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attac...
CVE-2022-1860 Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remo...
CVE-2022-1861 Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote atta...
CVE-2022-1862 Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attack...
CVE-2022-1863 Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinc...
CVE-2022-1864 Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who co...
CVE-2022-1865 Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convince...
CVE-2022-1866 Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote ...
CVE-2022-1867 Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 ...
CVE-2022-1868 Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an at...
CVE-2022-1869 Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentiall...
CVE-2022-1870 Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convin...
CVE-2022-1871 Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a...
CVE-2022-1872 Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an...
CVE-2022-1873 Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote att...
E S
CVE-2022-1874 Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allo...
E S
CVE-2022-1875 Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacke...
CVE-2022-1876 Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who con...
E S
CVE-2022-1881 In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists wher...
CVE-2022-1882 A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs man...
S
CVE-2022-1883 SQL Injection in camptocamp/terraboard
E S
CVE-2022-1884 Remote Command Execution in gogs/gogs
E
CVE-2022-1885 Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF
E
CVE-2022-1886 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-1887 The search term could have been specified externally to trigger SQL injection. This vulnerability af...
CVE-2022-1888 Fuji Electric Alpha7 PC Loader
CVE-2022-1889 Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1890 A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker ...
S
CVE-2022-1891 A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an a...
S
CVE-2022-1892 A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an a...
S
CVE-2022-1893 Improper Removal of Sensitive Information Before Storage or Transfer in polonel/trudesk
E S
CVE-2022-1894 Popup Builder < 4.1.11 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1895 underConstruction < 1.20 - Construction Mode Deactivation via CSRF
E
CVE-2022-1896 underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1897 Out-of-bounds Write in vim/vim
E S
CVE-2022-1898 Use After Free in vim/vim
E S
CVE-2022-1899 Out-of-bounds Read in radareorg/radare2
E S
CVE-2022-1900 The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i...
CVE-2022-1901 In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variabl...
S
CVE-2022-1902 A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not ...
E S
CVE-2022-1903 ARMember < 3.4.8 - Unauthenticated Admin Account Takeover
E
CVE-2022-1904 Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
E
CVE-2022-1905 Events Made Easy < 2.2.81 - Unauthenticated SQLi
E
CVE-2022-1906 Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting
E
CVE-2022-1907 Buffer Over-read in bfabiszewski/libmobi
E S
CVE-2022-1908 Buffer Over-read in bfabiszewski/libmobi
E S
CVE-2022-1909 Cross-site Scripting (XSS) - Stored in causefx/organizr
E S
CVE-2022-1910 Shortcodes and extra features for Phlox theme < 2.9.8 - Reflected Cross-Site-Scripting
E
CVE-2022-1911 Information disclosure in M-Files Server
S
CVE-2022-1912 The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers...
S
CVE-2022-1913 Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-1914 Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-1915 WP Zillow Review Slider < 2.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1916 Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting
E
CVE-2022-1918 The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up...
E
CVE-2022-1919 Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potent...
CVE-2022-1920 Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allow...
E S
CVE-2022-1921 Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite ...
E S
CVE-2022-1922 DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matrosk...
E S
CVE-2022-1923 DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matrosk...
E S
CVE-2022-1924 DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroska...
E S
CVE-2022-1925 DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in ...
E S
CVE-2022-1926 Integer Overflow or Wraparound in polonel/trudesk
E S
CVE-2022-1927 Buffer Over-read in vim/vim
E S
CVE-2022-1928 Cross-site Scripting (XSS) - Stored in go-gitea/gitea
E S
CVE-2022-1929 Exponential ReDoS in devcert
E
CVE-2022-1930 ReDoS in eth-account encode_structured_data function
E
CVE-2022-1931 Incorrect Synchronization in polonel/trudesk
E S
CVE-2022-1932 Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting
E
CVE-2022-1933 CDI < 5.1.9 - Reflected Cross-Site-Scripting
E
CVE-2022-1934 Use After Free in mruby/mruby
E S
CVE-2022-1935 Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions st...
S
CVE-2022-1936 Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions st...
S
CVE-2022-1937 Awin Data Feed < 1.8 - Reflected Cross-Site Scripting
E
CVE-2022-1938 Awin Data Feed < 1.8 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2022-1939 Allow SVG Files < 1.1 - Admin+ Arbitrary File Upload
E
CVE-2022-1940 A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions ...
S
CVE-2022-1941 Out of Memory issue in ProtocolBuffers for cpp and python
CVE-2022-1942 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-1943 An out-of-bounds memory write flaw in the Linux kernel UDF file system functionality was found in the...
S
CVE-2022-1944 When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/...
S
CVE-2022-1945 Coming Soon and Maintenance by Colorlib < 1.0.99 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1946 Gallery < 2.0.0 - Reflected Cross-Site Scripting
E
CVE-2022-1947 Use of Incorrect Operator in polonel/trudesk
E S
CVE-2022-1948 An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Miss...
CVE-2022-1949 An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that wou...
S
CVE-2022-1950 Youzify < 1.2.0 - Unauthenticated SQLi
E
CVE-2022-1951 Core Plugin for Kitestudio Themes < 2.3.1 - Reflected Cross-Site-Scripting
E
CVE-2022-1952 eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload
E
CVE-2022-1953 Product Configurator for WooCommerce < 1.2.32 - Unauthenticated Arbitrary File Deletion
E
CVE-2022-1954 A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0...
CVE-2022-1955 Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the applicat...
E
CVE-2022-1956 Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update
E
CVE-2022-1957 Comment License < 1.4.0 - Arbitrary Settings Update via CSRF
E
CVE-2022-1958 FileCloud NTFS access control
CVE-2022-1959 AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric aut...
E
CVE-2022-1960 MyCSS <= 1.1 - Arbitrary Settings Update via CSRF
E
CVE-2022-1961 The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting du...
E S
CVE-2022-1962 Stack exhaustion due to deeply nested types in go/parser
E S
CVE-2022-1963 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10....
CVE-2022-1964 Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG
E
CVE-2022-1965 CODESYS runtime system prone to file deletion due to improper error handling
M
CVE-2022-1966 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidat...
R
CVE-2022-1967 WP Championship < 9.3 - Multiple CSRF
E
CVE-2022-1968 Use After Free in vim/vim
E S
CVE-2022-1969 The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in ...
CVE-2022-1970 Rejected reason: The originally reported issue in https://github.com/syedsohaibkarim/OpenRedirect-Ke...
R
CVE-2022-1971 NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS
E
CVE-2022-1972 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate...
R
CVE-2022-1973 A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS jo...
CVE-2022-1974 A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition...
S
CVE-2022-1975 There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kern...
S
CVE-2022-1976 A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with...
S
CVE-2022-1977 WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF
E
CVE-2022-1979 SourceCodester Product Show Room Site p=contact cross site scripting
CVE-2022-1980 SourceCodester Product Show Room Site cross site scripting
CVE-2022-1981 An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5...
CVE-2022-1982 A crafted SVG attachment can crash a Mattermost server
M
CVE-2022-1983 Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior t...
CVE-2022-1984 This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in ...
CVE-2022-1985 The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in version...
E S
CVE-2022-1986 OS Command Injection in gogs/gogs
E S
CVE-2022-1987 Buffer Over-read in bfabiszewski/libmobi
E S
CVE-2022-1988 Cross-site Scripting (XSS) - Generic in neorazorx/facturascripts
E S
CVE-2022-1989 CODESYS Visualization vulnerable to user enumeration
M
CVE-2022-1990 Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
E
CVE-2022-1991 Fast Food Ordering System Master List Master.php cross site scripting
E
CVE-2022-1992 Path Traversal in gogs/gogs
E S
CVE-2022-1993 Path Traversal in gogs/gogs
E S
CVE-2022-1994 Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1995 miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-1996 Authorization Bypass Through User-Controlled Key in emicklei/go-restful
E S
CVE-2022-1997 Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
E S
CVE-2022-1998 A use after free in the Linux kernel File System notify functionality was found in the way user trig...
S
CVE-2022-1999 An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.