CVE-2022-2xxx

There are 929 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2022-2000 Out-of-bounds Write in vim/vim
E S
CVE-2022-2001 The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions ...
S
CVE-2022-2002 GE CIMPLICITY Untrusted Pointer Dereference
S
CVE-2022-2003 AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission
S
CVE-2022-2004 AutomationDirect DirectLOGIC with Ethernet Communication Uncontrolled Resource Consumption
S
CVE-2022-2005 AutomationDirect C-more EA9 HMI Cleartext Transmission
S
CVE-2022-2006 AutomationDirect C-more EA9 HMI Uncontrolled Search Path Element
S
CVE-2022-2007 Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to poten...
CVE-2022-2008 Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potential...
CVE-2022-2010 Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker...
CVE-2022-2011 Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potent...
CVE-2022-2013 In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled vi...
CVE-2022-2014 Code Injection in jgraph/drawio
E S
CVE-2022-2015 Cross-site Scripting (XSS) - Stored in jgraph/drawio
E S
CVE-2022-2016 Cross-site Scripting (XSS) - Reflected in neorazorx/facturascripts
E S
CVE-2022-2017 SourceCodester Prison Management System Visit view_visit.php sql injection
CVE-2022-2018 SourceCodester Prison Management System Inmate sql injection
CVE-2022-2019 SourceCodester Prison Management System New User Creation improper authorization
E
CVE-2022-2020 SourceCodester Prison Management System System Name cross site scripting
CVE-2022-2022 Cross-site Scripting (XSS) - Stored in nocodb/nocodb
E S
CVE-2022-2023 Incorrect Use of Privileged APIs in polonel/trudesk
E S
CVE-2022-2024 OS Command Injection in gogs/gogs
E S
CVE-2022-2025 Grandstream GSD3710 Stack-based Buffer Overflow
S
CVE-2022-2026 Cross-site Scripting (XSS) - Stored in kromitgmbh/titra
E S
CVE-2022-2027 Improper Neutralization of Formula Elements in a CSV File in kromitgmbh/titra
E S
CVE-2022-2028 Cross-site Scripting (XSS) - Generic in kromitgmbh/titra
E S
CVE-2022-2029 Cross-site Scripting (XSS) - DOM in kromitgmbh/titra
E S
CVE-2022-2030 A directory traversal vulnerability caused by specific character sequences within an improperly sani...
CVE-2022-2031 A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share ...
CVE-2022-2032 Stored Cross Site-Scripting in File Manager
S
CVE-2022-2034 Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API
E
CVE-2022-2035 A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /d...
E
CVE-2022-2036 Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
E S
CVE-2022-2037 Excessive Attack Surface in tooljet/tooljet
E S
CVE-2022-2039 The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi...
S
CVE-2022-2040 Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL
E
CVE-2022-2041 Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content
E
CVE-2022-2042 Use After Free in vim/vim
E S
CVE-2022-2043 MOXA NPort 5110 Out-of-bounds Write
CVE-2022-2044 MOXA NPort 5110 Out-of-bounds Write
CVE-2022-2046 Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload
E
CVE-2022-2047 In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions...
S
CVE-2022-2048 In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the erro...
CVE-2022-2049 In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the p...
S
CVE-2022-2050 WP Paginate < 2.1.9 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2052 TRUMPF TruTops default user accounts vulnerability
CVE-2022-2053 When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize...
CVE-2022-2054 Code Injection in nuitka/nuitka
E S
CVE-2022-2056 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via ...
E S
CVE-2022-2057 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via ...
E S
CVE-2022-2058 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via ...
E S
CVE-2022-2059 Stored Cross Site-Scripting in Agent Manager
S
CVE-2022-2060 Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr
E S
CVE-2022-2061 Heap-based Buffer Overflow in hpjansson/chafa
E S
CVE-2022-2062 Generation of Error Message Containing Sensitive Information in nocodb/nocodb
E S
CVE-2022-2063 Improper Privilege Management in nocodb/nocodb
E S
CVE-2022-2064 Insufficient Session Expiration in nocodb/nocodb
E S
CVE-2022-2065 Cross-site Scripting (XSS) - Stored in neorazorx/facturascripts
E S
CVE-2022-2066 Cross-site Scripting (XSS) - Reflected in neorazorx/facturascripts
E S
CVE-2022-2067 SQL Injection in francoisjacquet/rosariosis
E S
CVE-2022-2068 The c_rehash script allows command injection
CVE-2022-2069 Datalogics APDFL library Heap-based Buffer Overflow
S
CVE-2022-2070 Grandstream GSD3710 Stack-based Buffer Overflow
S
CVE-2022-2071 Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF
E
CVE-2022-2072 Name Directory < 1.25.3 - Reflected Cross-Site Scripting
E
CVE-2022-2073 Code Injection in getgrav/grav
E S
CVE-2022-2074 In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the...
S
CVE-2022-2075 In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting...
S
CVE-2022-2076 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-2077 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-2078 A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allo...
S
CVE-2022-2079 Cross-site Scripting (XSS) - Stored in nocodb/nocodb
E S
CVE-2022-2080 Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR
E
CVE-2022-2081 A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above....
CVE-2022-2083 Simple Single Sign On <= 4.1.0 - Authentication Bypass
E
CVE-2022-2084 sensitive data exposure in cloud-init logs
S
CVE-2022-2085 A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to ren...
E S
CVE-2022-2086 SourceCodester Bank Management System login.php sql injection
E
CVE-2022-2087 SourceCodester Bank Management System cross site scripting
E
CVE-2022-2088 Elcomplus SmartICS Access Control
S
CVE-2022-2089 Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2090 Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting
E
CVE-2022-2091 Cache Images < 3.2.1 - Image Upload / Import via CSRF
E
CVE-2022-2092 WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting
E
CVE-2022-2093 WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting
E
CVE-2022-2094 Yellow Yard Searchbar < 2.8.2 - Reflected Cross-Site Scripting
E
CVE-2022-2095 An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15...
CVE-2022-2097 AES OCB fails to encrypt some bytes
CVE-2022-2098 Weak Password Requirements in kromitgmbh/titra
E S
CVE-2022-2099 WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
E
CVE-2022-2100 Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2101 The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file...
E S
CVE-2022-2102 Secheron SEPCOS Control and Protection Relay
S
CVE-2022-2103 Secheron SEPCOS Control and Protection Relay
S
CVE-2022-2104 Secheron SEPCOS Control and Protection Relay
S
CVE-2022-2105 Secheron SEPCOS Control and Protection Relay
S
CVE-2022-2106 Elcomplus SmartICS Path Traversal
S
CVE-2022-2107 ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials
M
CVE-2022-2108 The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized sett...
S
CVE-2022-2111 Unrestricted Upload of File with Dangerous Type in inventree/inventree
E S
CVE-2022-2112 Improper Neutralization of Formula Elements in a CSV File in inventree/inventree
E S
CVE-2022-2113 Cross-site Scripting (XSS) - Stored in inventree/inventree
E S
CVE-2022-2114 Data Tables Generator by Supsystic < 1.10.20 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2115 Popup Anything < 2.1.7 - Reflected Cross-Site Scripting
E
CVE-2022-2116 Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting
E
CVE-2022-2117 The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to,...
CVE-2022-2118 404s < 3.5.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2119 OFFIS DCMTK Path Traversal
M
CVE-2022-2120 OFFIS DCMTK Path Traversal
M
CVE-2022-2121 OFFIS DCMTK NULL Pointer Dereference
M
CVE-2022-2122 DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux elem...
E S
CVE-2022-2123 WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF
E
CVE-2022-2124 Buffer Over-read in vim/vim
E S
CVE-2022-2125 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2126 Out-of-bounds Read in vim/vim
E S
CVE-2022-2127 Samba: out-of-bounds read in winbind auth_crap
M
CVE-2022-2128 Unrestricted Upload of File with Dangerous Type in polonel/trudesk
E S
CVE-2022-2129 Out-of-bounds Write in vim/vim
E S
CVE-2022-2130 Cross-site Scripting (XSS) - Reflected in microweber/microweber
E S
CVE-2022-2131 OpenKM XXE Injection
CVE-2022-2132 A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to c...
E S
CVE-2022-2133 OAuth Single Sign On < 6.22.6 - Authentication Bypass
E
CVE-2022-2134 Allocation of Resources Without Limits or Throttling in inventree/inventree
E S
CVE-2022-2135 Advantech iView
S
CVE-2022-2136 Advantech iView
S
CVE-2022-2137 Advantech iView
S
CVE-2022-2138 Advantech iView
S
CVE-2022-2139 Advantech iView
S
CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting
S
CVE-2022-2141 ICSA-22-200-01 MiCODUS MV720 GPS tracker Improper Authentication
M
CVE-2022-2142 Advantech iView
S
CVE-2022-2143 Advantech iView
E S
CVE-2022-2144 Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF
E
CVE-2022-2145 Cloudflare WARP Arbitrary File Overwrite
S
CVE-2022-2146 Import CSV Files <= 1.0 - Reflected Cross-Site Scripting
E
CVE-2022-2147 Unquoted Service Path in Cloudflare WARP for Windows
S
CVE-2022-2148 LinkedIn Company Updates <= 1.5.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2149 Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2151 Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2152 Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2153 A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it p...
E S
CVE-2022-2154 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-34345. Reason: This candidat...
R
CVE-2022-2155 A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role.
S
CVE-2022-2156 Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentia...
CVE-2022-2157 Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker ...
CVE-2022-2158 Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentiall...
CVE-2022-2160 Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allow...
E
CVE-2022-2161 Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker ...
CVE-2022-2162 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.5...
CVE-2022-2163 Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker w...
CVE-2022-2164 Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an at...
CVE-2022-2165 Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a rem...
CVE-2022-2166 Improper Restriction of Excessive Authentication Attempts in mastodon/mastodon
S
CVE-2022-2167 Newspaper < 12 - Reflected Cross-Site Scripting
E
CVE-2022-2168 Download Manager < 3.2.44 - Reflected Cross-Site Scripting
E
CVE-2022-2169 Loading Page with Loading Screen < 1.0.83 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2170 Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2171 Progressive License <= 1.1.0 - CSRF to Stored XSS
E
CVE-2022-2172 LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF
E S
CVE-2022-2173 Advanced Database Cleaner < 3.1.1 - Reflected Cross-Site Scripting
E
CVE-2022-2174 Cross-site Scripting (XSS) - Reflected in microweber/microweber
E S
CVE-2022-2175 Buffer Over-read in vim/vim
E S
CVE-2022-2176 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2022-2177 SQL Injection in Kayrasoft
S
CVE-2022-2178 XSS in Saysis' Starcities
CVE-2022-2179 ICSA-22-188-01 Rockwell Automation MicroLogix Improper Restriction of Rendered UI Layers or Frames
M
CVE-2022-2180 GREYD.SUITE < 1.2.7 - Unauthenticated File Upload to RCE
E
CVE-2022-2181 Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting
E
CVE-2022-2182 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2183 Out-of-bounds Read in vim/vim
E S
CVE-2022-2184 CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF
E
CVE-2022-2185 A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14...
CVE-2022-2186 Simple Post Notes < 1.7.6 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2187 Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting
E
CVE-2022-2188 DXL Broker privilege escalation vulnerability
CVE-2022-2189 WP Video Lightbox < 1.9.5 - Reflected Cross-Site Scripting
E
CVE-2022-2190 Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting
E
CVE-2022-2191 In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does no...
E
CVE-2022-2192 Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a v...
CVE-2022-2193 Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote au...
CVE-2022-2194 Accept Stripe Payments < 2.0.64 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2196 Speculative execution attacks in KVM VMX
S
CVE-2022-2197 Exemys RME1
S
CVE-2022-2198 WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR
E
CVE-2022-2199 ICSA-22-200-01 MiCODUS MV720 GPS tracker Cross-site Scripting
M
CVE-2022-2200 If an object prototype was corrupted by an attacker, they would have been able to set undesired attr...
CVE-2022-2206 Out-of-bounds Read in vim/vim
E S
CVE-2022-2207 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2208 NULL Pointer Dereference in vim/vim
E S
CVE-2022-2209 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco...
R
CVE-2022-2210 Out-of-bounds Write in vim/vim
E S
CVE-2022-2211 A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible n...
CVE-2022-2212 SourceCodester Library Management System /card/index.php unrestricted upload
E
CVE-2022-2213 SourceCodester Library Management System cross site scripting
CVE-2022-2214 SourceCodester Library Management System bookdetails.php sql injection
E
CVE-2022-2215 GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2216 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
E S
CVE-2022-2217 Cross-site Scripting (XSS) - Generic in ionicabizau/parse-url
E S
CVE-2022-2218 Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url
E S
CVE-2022-2219 Unyson < 2.7.27 - Reflected Cross-Site Scripting
E
CVE-2022-2220 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2022-2221 Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager befo...
CVE-2022-2222 Download Monitor < 4.5.91 - Admin+ Arbitrary File Download
E
CVE-2022-2223 The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and...
S
CVE-2022-2224 The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in version...
S
CVE-2022-2225 Zero Trust Secure Web Gateway policies bypass using WARP client subcommands
S
CVE-2022-2226 An OpenPGP digital signature includes information about the date when the signature was created. Whe...
CVE-2022-2227 Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10...
CVE-2022-2228 Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 1...
CVE-2022-2229 An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 1...
CVE-2022-2230 A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting a...
CVE-2022-2231 NULL Pointer Dereference in vim/vim
E S
CVE-2022-2232 Keycloak: ldap injection on username input
M
CVE-2022-2233 The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to...
S
CVE-2022-2234 mySCADA myPRO Command Injection
S
CVE-2022-2235 Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 pri...
CVE-2022-2237 A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Op...
CVE-2022-2238 A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kub...
CVE-2022-2239 Request a Quote < 2.3.9 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2240 Request a Quote <= 2.3.7 - CSV Injection
E
CVE-2022-2241 Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF
E
CVE-2022-2242 KUKA V/KSS WoV SH access control vulnerability
M
CVE-2022-2243 An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 1...
CVE-2022-2244 An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14...
CVE-2022-2245 Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF
E
CVE-2022-2246 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco...
R
CVE-2022-2249 Avaya Aura Communication Manager Privilege Escalation Vulnerabilities
CVE-2022-2250 An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15...
CVE-2022-2251 Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 ...
E
CVE-2022-2252 Open Redirect in microweber/microweber
E S
CVE-2022-2253 Distributed Data Systems WebHMI OS Command Injection
M
CVE-2022-2254 Distributed Data Systems WebHMI Cross-site Scripting
M
CVE-2022-2255 A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an ...
E
CVE-2022-2256 A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single...
CVE-2022-2257 Out-of-bounds Read in vim/vim
E S
CVE-2022-2258 In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being expli...
CVE-2022-2259 In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being e...
CVE-2022-2260 GiveWP < 2.21.3 - DoS via CSRF
E
CVE-2022-2261 WPide < 3.0 - Admin+ Local File Inclusion
E
CVE-2022-2262 Online Hotel Booking System Room edit_all_room.php sql injection
E
CVE-2022-2263 Online Hotel Booking System Room edit_room_cat.php sql injection
E
CVE-2022-2264 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2265 Path traversal in Identity and Directory Management System
S
CVE-2022-2266 Reflected XSS University Library Automation System
S
CVE-2022-2267 MailChimp for Woocommerce < 2.7.1 - Subscriber+ SSRF
E
CVE-2022-2268 WP All Import < 3.6.8 - Admin+ Arbitrary File Upload
E
CVE-2022-2269 Website File Changes Monitor < 1.8.3 - Admin+ SQLi
E
CVE-2022-2270 An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all...
CVE-2022-2271 WP Database Backup < 5.9 - Admin+ Stored Cross-Site Scripting
CVE-2022-2272 This vulnerability allows remote attackers to bypass authentication on affected installations of San...
CVE-2022-2273 Simple Membership < 4.1.3 - Membership Privilege Escalation
E
CVE-2022-2274 RSA implementation bug in AVX512IFMA instructions
E
CVE-2022-2275 WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF
E
CVE-2022-2276 WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion
E S
CVE-2022-2277 A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ...
S
CVE-2022-2278 Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2279 NULL Pointer Dereference in bfabiszewski/libmobi
E S
CVE-2022-2280 Cross-site Scripting (XSS) - Stored in microweber/microweber
E S
CVE-2022-2281 An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10...
CVE-2022-2282 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco...
R
CVE-2022-2283 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2022-2284 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2285 Integer Overflow or Wraparound in vim/vim
E S
CVE-2022-2286 Out-of-bounds Read in vim/vim
E S
CVE-2022-2287 Out-of-bounds Read in vim/vim
E S
CVE-2022-2288 Out-of-bounds Write in vim/vim
E S
CVE-2022-2289 Use After Free in vim/vim
E S
CVE-2022-2290 Cross-site Scripting (XSS) - Reflected in zadam/trilium
E S
CVE-2022-2291 SourceCodester Hotel Management System Search search cross site scripting
E
CVE-2022-2292 SourceCodester Hotel Management System Room Edit Page 1 cross site scripting
E
CVE-2022-2293 SourceCodester Simple Sales Management System create cross site scripting
E
CVE-2022-2294 Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to...
KEV
CVE-2022-2295 Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potential...
CVE-2022-2296 Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a re...
CVE-2022-2297 SourceCodester Clinics Patient Management System unrestricted upload
E
CVE-2022-2298 SourceCodester Clinics Patient Management System Login Page index.php sql injection
CVE-2022-2299 Allow SVG Files <= 1.1 - Author+ Stored Cross Site Scripting via SVG
E
CVE-2022-2300 Cross-site Scripting (XSS) - Stored in microweber/microweber
E S
CVE-2022-2301 Buffer Over-read in hpjansson/chafa
E S
CVE-2022-2302 LENZE: Missing password verification in authorisation procedure
M
CVE-2022-2303 An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions star...
CVE-2022-2304 Stack-based Buffer Overflow in vim/vim
E S
CVE-2022-2305 WordPress Popup <= 1.9.3.8 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2306 Insufficient Session Expiration in heroiclabs/nakama
E S
CVE-2022-2307 A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5,...
CVE-2022-2308 A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to...
CVE-2022-2309 NULL Pointer Dereference in lxml/lxml
E S
CVE-2022-2310 Skyhigh SWG Authentication bypass vulnerability
CVE-2022-2311 Find and Replace All < 1.3 - Reflected Cross Site Scripting
E
CVE-2022-2312 Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF
E
CVE-2022-2313 DLL hijacking in Trellix Agent
CVE-2022-2314 VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call
E
CVE-2022-2315 SQL Injection in Database Accreditation System
S
CVE-2022-2316 HTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers...
CVE-2022-2317 Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation
E
CVE-2022-2318 There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux t...
S
CVE-2022-2319 A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGe...
S
CVE-2022-2320 A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetD...
S
CVE-2022-2321 Improper Restriction of Excessive Authentication Attempts in heroiclabs/nakama
E S
CVE-2022-2323 Improper neutralization of special elements used in a user input allows an authenticated malicious u...
CVE-2022-2324 Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to ...
CVE-2022-2325 Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2326 An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions star...
CVE-2022-2327 Use-after-free in io_uring ad work_flags in Linux Kernel
S
CVE-2022-2328 Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2329 A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer ov...
S
CVE-2022-2330 XXE vulnerability in DLP Endpoint for Windows
CVE-2022-2331 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-2332 Honeywell SoftMaster Incorrect Permission Assignment for Critical Resource
S
CVE-2022-2333 Honeywell SoftMaster Uncontrolled Search Path Element
S
CVE-2022-2334 Softing Secure Integration Server Uncontrolled Search Path Element
S
CVE-2022-2335 Softing Secure Integration Server Integer Underflow
S
CVE-2022-2336 Softing Secure Integration Server Improper Authentication
S
CVE-2022-2337 Softing Secure Integration Server NULL Pointer Dereference
S
CVE-2022-2338 Softing Secure Integration Server Cleartext Transmission of Sensitive Information
S
CVE-2022-2339 Server-Side Request Forgery (SSRF) in nocodb/nocodb
E S
CVE-2022-2340 W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2341 Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2342 Cross-site Scripting (XSS) - Stored in outline/outline
E S
CVE-2022-2343 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2344 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2345 Use After Free in vim/vim
E S
CVE-2022-2346 In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact wi...
CVE-2022-2347 Unchecked Download size in Uboot
E
CVE-2022-2348 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-2349 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-2350 Disable User Login <= 1.0.1 - Unauthenticated Settings Update
E
CVE-2022-2351 Post SMTP < 2.1.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2352 Post SMTP < 2.1.7 - Admin+ Blind SSRF
E S
CVE-2022-2353 Cross-Site Request Forgery (CSRF) in microweber/microweber
E S
CVE-2022-2354 WP-DBManager < 2.80.8 - Admin+ Remote Command Execution
E
CVE-2022-2355 Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF
E
CVE-2022-2356 User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload
E
CVE-2022-2357 WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download
E
CVE-2022-2361 Social Chat < 6.0.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2362 Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction
E
CVE-2022-2363 SourceCodester Simple Parking Management System cross site scripting
CVE-2022-2364 SourceCodester Simple Parking Management System category cross site scripting
CVE-2022-2365 Cross-site Scripting (XSS) - Stored in zadam/trilium
E S
CVE-2022-2366 Incorrect defaults can cause attackers to bypass rate limitations
CVE-2022-2367 WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass
E
CVE-2022-2368 Authentication Bypass by Spoofing in microweber/microweber
E S
CVE-2022-2369 YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure
E
CVE-2022-2370 YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak
E
CVE-2022-2371 YaySMTP < 2.2.1 - Subscriber+ Stored Cross-Site Scripting
E
CVE-2022-2372 YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2373 Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure
E
CVE-2022-2374 Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2375 WP Sticky Button < 1.4.1 - Unauthenticated Arbitrary Settings Update to Stored XSS
E
CVE-2022-2376 Directorist < 7.3.1 - Unauthenticated Email Address Disclosure
E
CVE-2022-2377 Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending
E
CVE-2022-2378 Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting
E
CVE-2022-2379 Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
E
CVE-2022-2380 The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb...
S
CVE-2022-2381 E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF
E
CVE-2022-2382 Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion
E
CVE-2022-2383 Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting
E
CVE-2022-2384 Digital Publications by Supsystic < 1.7.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2385 AccessKeyID validation bypass
M
CVE-2022-2386 Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting
E
CVE-2022-2387 Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF
E
CVE-2022-2388 WP Coder < 2.5.3 - Code Deletion via CSRF
E
CVE-2022-2389 Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation
E
CVE-2022-2390 Mutable pending intent in Google Play services SDK
CVE-2022-2391 Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting
E
CVE-2022-2392 Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download
E
CVE-2022-2393 A flaw was found in pki-core, which could allow a user to get a certificate for another user identit...
CVE-2022-2394 Sensitive Parameter Exposure in Puppet Bolt prior to 3.24
CVE-2022-2395 weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2396 SourceCodester Simple e-Learning System claire_blake cross site scripting
E
CVE-2022-2398 WP Comments Fields < 4.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2399 Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potent...
E S
CVE-2022-2400 External Control of File Name or Path in dompdf/dompdf
E S
CVE-2022-2401 Team members could access sensitive information of other users via an API call
S
CVE-2022-2402 Stack Overflow in ESET Endpoint Encryption and ESET Full Disk Encryption for Windows
CVE-2022-2403 A credentials leak was found in the OpenShift Container Platform. The private key for the external c...
S
CVE-2022-2404 WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting
E S
CVE-2022-2405 WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion
E
CVE-2022-2406 Malicious imports can lead to Denial of Service
S
CVE-2022-2407 WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2408 Guest accounts can list all public channels
S
CVE-2022-2409 Rough Chart <= 1.0.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2410 mTouch Quiz <= 3.1.3 - Admin+ Stored Cross Site Scripting
E
CVE-2022-2411 Auto More Tag <= 4.0.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2412 Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2413 Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title
E
CVE-2022-2414 Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks...
S
CVE-2022-2415 Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to p...
CVE-2022-2416 In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a req...
CVE-2022-2417 Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prio...
CVE-2022-2418 URVE Web Manager img_upload.php unrestricted upload
E
CVE-2022-2419 URVE Web Manager upload.php unrestricted upload
E
CVE-2022-2420 URVE Web Manager uploader.php unrestricted upload
E
CVE-2022-2421 Socket.io - Improper type validation in attachment parsing
CVE-2022-2422 Feathers - SQL injection via attribute aliases
CVE-2022-2423 DW Promobar <= 1.0.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2424 Google Maps Anywhere <= 1.2.6.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2425 WP DS Blog Map <= 3.1.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2426 Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2428 A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 1...
CVE-2022-2429 Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection
CVE-2022-2430 Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block'
S
CVE-2022-2431 Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion
E S
CVE-2022-2432 Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update
E S
CVE-2022-2433 The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization...
S
CVE-2022-2434 The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the ...
S
CVE-2022-2435 The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t...
CVE-2022-2436 The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via th...
S
CVE-2022-2437 The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to dese...
S
CVE-2022-2438 The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via...
S
CVE-2022-2439 Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 3.3.3 - Authenticated (Admin+) PHAR Deserialization
S
CVE-2022-2440 Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization
CVE-2022-2441 The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path...
E S
CVE-2022-2442 The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of un...
S
CVE-2022-2443 The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions...
CVE-2022-2444 The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deseri...
S
CVE-2022-2445 Rejected reason: Incorrectly assigned CVE. Not a valid issue....
R
CVE-2022-2446 WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization
S
CVE-2022-2447 A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) betwee...
E
CVE-2022-2448 reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting
E
CVE-2022-2449 reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF
E
CVE-2022-2450 reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls
E
CVE-2022-2453 Use After Free in gpac/gpac
E S
CVE-2022-2454 Integer Overflow or Wraparound in gpac/gpac
E S
CVE-2022-2455 A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10...
CVE-2022-2456 An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions star...
CVE-2022-2457 A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute ...
CVE-2022-2458 XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an a...
CVE-2022-2459 An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions startin...
CVE-2022-2460 WPDating < 7.4.0 - Multiple Unauthenticated SQLi
E
CVE-2022-2461 The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting chang...
E S
CVE-2022-2462 The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disc...
E S
CVE-2022-2463 ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
S
CVE-2022-2464 ISaGRAF Workbench Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
S
CVE-2022-2465 ISaGRAF Workbench Deserialization of Untrusted Data CWE-502
S
CVE-2022-2466 It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to u...
E
CVE-2022-2467 SourceCodester Garage Management System login.php sql injection
E
CVE-2022-2468 SourceCodester Garage Management System editbrand.php sql injection
E
CVE-2022-2469 GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...
S
CVE-2022-2470 Cross-site Scripting (XSS) - Reflected in microweber/microweber
E S
CVE-2022-2471 Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component
S
CVE-2022-2472 Improper Initialization vulnerability in local server authentication logic
S
CVE-2022-2473 The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templat...
E S
CVE-2022-2474 Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “E...
CVE-2022-2475 Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using th...
CVE-2022-2476 A null pointer dereference bug was found in wavpack-5.4.0. The results from the ASAN log: AddressSani...
E
CVE-2022-2477 Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convin...
CVE-2022-2478 Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentia...
CVE-2022-2479 Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.1...
CVE-2022-2480 Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attac...
CVE-2022-2481 Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convi...
CVE-2022-2482 A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102...
S
CVE-2022-2483 The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) load...
S
CVE-2022-2484 The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed ...
S
CVE-2022-2485 AutomationDirect Stride Field I/O Cleartext Transmission of Sensitive Information
S
CVE-2022-2486 WAVLINK WN535K2/WN535K3 os command injection
E
CVE-2022-2487 WAVLINK WN535K2/WN535K3 nightled.cgi os command injection
E
CVE-2022-2488 WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection
E
CVE-2022-2489 SourceCodester Simple E-Learning System classRoom.php sql injection
E
CVE-2022-2490 SourceCodester Simple E-Learning System search.php sql injection
E
CVE-2022-2491 SourceCodester Library Management System lab.php sql injection
E
CVE-2022-2492 SourceCodester Library Management System index.php sql injection
E
CVE-2022-2493 Data Access from Outside Expected Data Manager Component in openemr/openemr
E S
CVE-2022-2494 Cross-site Scripting (XSS) - Stored in openemr/openemr
E S
CVE-2022-2495 Cross-site Scripting (XSS) - Stored in microweber/microweber
E S
CVE-2022-2497 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5...
CVE-2022-2498 An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15...
CVE-2022-2499 An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, ...
CVE-2022-2500 A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0....
CVE-2022-2501 An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1...
CVE-2022-2502 A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU50...
S
CVE-2022-2503 Linux Kernel LoadPin bypass via dm-verity table reload
E S
CVE-2022-2504 SQLi in SDD-Baro
S
CVE-2022-2505 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. ...
CVE-2022-2507 In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage...
CVE-2022-2508 In affected versions of Octopus Server it is possible to reveal the existence of resources in a spac...
CVE-2022-2509 A vulnerability was found in gnutls. This security flaw happens because a double free error occurs du...
CVE-2022-2510 Potential XSS on Special:SearchCenter
S
CVE-2022-2511 Potential XSS in title URL parameter
S
CVE-2022-2512 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5...
CVE-2022-2513 Cleartext Credentials Vulnerability on Hitachi Energy’s Multiple IED Connectivity Packages (IED ConnPacks) and PCM600 Products
S
CVE-2022-2514 Cross-site Scripting (XSS) - Reflected in beancount/fava
E S
CVE-2022-2515 The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_ver...
E S
CVE-2022-2516 Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title'
S
CVE-2022-2517 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover
CVE-2022-2518 The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forge...
CVE-2022-2519 There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1...
E S
CVE-2022-2520 A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcr...
E S
CVE-2022-2521 It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at t...
E S
CVE-2022-2522 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2523 Cross-site Scripting (XSS) - Reflected in beancount/fava
E S
CVE-2022-2525 Improper Restriction of Excessive Authentication Attempts in janeczku/calibre-web
E S
CVE-2022-2526 A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() fun...
S
CVE-2022-2527 An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting f...
CVE-2022-2528 In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insu...
CVE-2022-2529 Multiple DoS Attack Vectors in sflow packet handling
S
CVE-2022-2530 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-2531 An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, a...
CVE-2022-2532 Feed Them Social < 3.0.1 - Reflected Cross-Site Scripting
E
CVE-2022-2533 An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all...
CVE-2022-2534 An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5,...
CVE-2022-2535 SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure
E
CVE-2022-2536 The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting chang...
E
CVE-2022-2537 WooCommerce PDF Invoices & Packing Slips < 3.0.1 - Reflected Cross-Site Scripting
E
CVE-2022-2538 WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting
E
CVE-2022-2539 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0...
CVE-2022-2540 The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Si...
S
CVE-2022-2541 The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Si...
S
CVE-2022-2542 The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross...
S
CVE-2022-2543 Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection
E
CVE-2022-2544 Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing
E S
CVE-2022-2546 All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS
E
CVE-2022-2547 Softing Secure Integration Server NULL Pointer Dereference
S
CVE-2022-2549 NULL Pointer Dereference in gpac/gpac
E S
CVE-2022-2550 OS Command Injection in hestiacp/hestiacp
E S
CVE-2022-2551 Duplicator < 1.4.7 - Unauthenticated Backup Download
E
CVE-2022-2552 Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure
E
CVE-2022-2553 The authfile directive in the booth config file is ignored, preventing use of authentication in comm...
S
CVE-2022-2554 Enable Media Replace < 4.0.0 - Admin+ Path Traversal
E
CVE-2022-2555 Yotpo Reviews for WooCommerce <= 2.0.4 - Arbitrary Settings Update via CSRF
E
CVE-2022-2556 MailChimp for Woocommerce < 2.7.2 - Admin+ SSRF
E
CVE-2022-2557 WordPress Team Members Showcase < 4.1.2 - Subscriber+ Arbitrary File Read and Deletion
E
CVE-2022-2558 Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing
E
CVE-2022-2559 Fluent Support < 1.5.8 - Admin+ SQLi
E
CVE-2022-2560 This vulnerability allows remote attackers to delete arbitrary files on affected installations of En...
CVE-2022-2561 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OP...
CVE-2022-2563 Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2564 Prototype Pollution in automattic/mongoose
E S
CVE-2022-2565 Best Payments Plugin for WP < 4.2.1 - Unauthenticated Stored Cross-Site Scripting
E
CVE-2022-2566 Heap-memory write in FFMPEG
S
CVE-2022-2567 Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting
E S
CVE-2022-2568 A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote ...
E
CVE-2022-2569 ARC Informatique PcVue
S
CVE-2022-2570 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2022-2571 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2572 In affected versions of Octopus Server where access is managed by an external authentication provide...
CVE-2022-2574 Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2575 WBW Currency Switcher for WooCommerce < 1.6.6 - Admin+ Stored XSS
E
CVE-2022-2576 In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back...
E
CVE-2022-2577 SourceCodester Garage Management System edituser.php sql injection
E
CVE-2022-2578 SourceCodester Garage Management System createUser.php access control
E
CVE-2022-2579 SourceCodester Garage Management System createUser.php cross site scripting
CVE-2022-2580 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2581 Out-of-bounds Read in vim/vim
E S
CVE-2022-2582 Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go
E S
CVE-2022-2583 Race condition in github.com/ntbosscher/gobase
S
CVE-2022-2584 Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb
S
CVE-2022-2585 It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left ...
S
CVE-2022-2586 It was discovered that a nft object or expression could reference a nft set on a different nft table...
KEV E S
CVE-2022-2587 Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 ...
CVE-2022-2588 It was discovered that the cls_route filter implementation in the Linux kernel would not remove an o...
E S
CVE-2022-2589 Cross-site Scripting (XSS) - Reflected in beancount/fava
E S
CVE-2022-2590 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write ...
CVE-2022-2591 TEM FLEX-1085 reboot denial of service
E
CVE-2022-2592 A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to ...
CVE-2022-2593 Better Search and Replace < 1.4.1 - Admin+ SQLi
E
CVE-2022-2594 Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload
E
CVE-2022-2595 Improper Authorization in kromitgmbh/titra
E S
CVE-2022-2596 Inefficient Regular Expression Complexity in node-fetch/node-fetch
E S
CVE-2022-2597 Visual Portfolio < 2.19.0 - Contributor+ CSS Injection
E
CVE-2022-2598 Out-of-bounds Write to API in vim/vim
E S
CVE-2022-2599 Anti-Malware Security and Brute-Force Firewall < 4.21.83 - Reflected Cross-Site Scripting
E
CVE-2022-2600 Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing
E
CVE-2022-2601 A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to...
CVE-2022-2602 io_uring UAF, Unix SCM garbage collection...
CVE-2022-2603 Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to poten...
CVE-2022-2604 Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to...
CVE-2022-2605 Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to pote...
CVE-2022-2606 Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attac...
CVE-2022-2607 Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote at...
CVE-2022-2608 Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remot...
CVE-2022-2609 Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote...
CVE-2022-2610 Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed ...
CVE-2022-2611 Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 al...
CVE-2022-2612 Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a...
CVE-2022-2613 Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attack...
CVE-2022-2614 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to ...
CVE-2022-2615 Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote ...
CVE-2022-2616 Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an at...
CVE-2022-2617 Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who con...
CVE-2022-2618 Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allo...
CVE-2022-2619 Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allow...
CVE-2022-2620 Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attack...
CVE-2022-2621 Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinc...
E
CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104...
CVE-2022-2623 Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attack...
CVE-2022-2624 Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who co...
CVE-2022-2625 A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary obj...
CVE-2022-2626 Incorrect Privilege Assignment in hestiacp/hestiacp
E S
CVE-2022-2627 Newspaper < 12 - Reflected Cross-Site Scripting
E
CVE-2022-2628 DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2629 Top Bar < 3.0.4 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2630 An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15...
CVE-2022-2631 Improper Access Control in tooljet/tooljet
E S
CVE-2022-2633 The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blin...
S
CVE-2022-2634 Digi ConnectPort X2D
M
CVE-2022-2635 Autoptimize < 3.1.1 - Admin+ Stored Cross Site Scripting
E
CVE-2022-2636 Code Injection in hestiacp/hestiacp
E S
CVE-2022-2637 Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter
CVE-2022-2638 Export All URLs < 4.4 - Admin+ Arbitrary System File Removal
E
CVE-2022-2639 An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large num...
E S
CVE-2022-2640 The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak ...
S
CVE-2022-2641 Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. T...
S
CVE-2022-2642 Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an at...
S
CVE-2022-2643 SourceCodester Online Admission System POST Parameter sql injection
E
CVE-2022-2644 SourceCodester Online Admission System GET Parameter sql injection
E
CVE-2022-2645 SourceCodester Garage Management System edituser.php cross site scripting
CVE-2022-2646 SourceCodester Online Admission System index.php cross site scripting
E
CVE-2022-2647 jeecg-boot unrestricted upload
CVE-2022-2648 SourceCodester Multi Language Hotel Management Software sql injection
E
CVE-2022-2650 Improper Restriction of Excessive Authentication Attempts in wger-project/wger
E S
CVE-2022-2651 Authentication Bypass by Primary Weakness in bookwyrm-social/bookwyrm
E S
CVE-2022-2652 Use of Externally-Controlled Format String in umlaeute/v4l2loopback
E S
CVE-2022-2653 Path Traversal in plankanban/planka
E S
CVE-2022-2654 Classima < 2.1.11 - Reflected Cross-Site Scripting
E
CVE-2022-2655 Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting
E
CVE-2022-2656 SourceCodester Multi Language Hotel Management Software sql injection
E
CVE-2022-2657 Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls
E
CVE-2022-2658 WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2660 Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-c...
S
CVE-2022-2661 Sequi PortBloque S Improper Authorization
M
CVE-2022-2662 Sequi PortBloque S Improper Authentication
M
CVE-2022-2663 An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confuse...
E
CVE-2022-2664 Private Cloud Management Platform POST Request global_config_query improper authentication
CVE-2022-2665 SourceCodester Simple E-Learning System classroom.php sql injection
CVE-2022-2666 SourceCodester Loan Management System login.php sql injection
E
CVE-2022-2667 SourceCodester Loan Management System delete_lplan.php sql injection
E
CVE-2022-2668 An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML pro...
CVE-2022-2669 WP Taxonomy Import <= 1.0.4 - Reflected Cross-Site Scripting
E
CVE-2022-2671 SourceCodester Garage Management System removeUser.php sql injection
CVE-2022-2672 SourceCodester Garage Management System createUser.php sql injection
CVE-2022-2673 Rigatur Online Booking and Hotel Management System POST Request login.php sql injection
CVE-2022-2674 SourceCodester Best Fee Management System admin_class.php login sql injection
CVE-2022-2675 Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down
CVE-2022-2676 SourceCodester Electronic Medical Records System POST Request sql injection
E
CVE-2022-2677 SourceCodester Apartment Visitor Management System index.php sql injection
E
CVE-2022-2678 SourceCodester Alphaware Simple E-Commerce System Background Management Page admin_feature.php unrestricted upload
E
CVE-2022-2679 SourceCodester Interview Management System viewReport.php sql injection
E
CVE-2022-2680 SourceCodester Church Management System login.php sql injection
E
CVE-2022-2681 SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting
E
CVE-2022-2682 SourceCodester Alphaware Simple E-Commerce System stockin.php cross site scripting
E
CVE-2022-2683 SourceCodester Simple Food Ordering System login.php cross site scripting
E
CVE-2022-2684 SourceCodester Apartment Visitor Management System manage-apartment.php cross site scripting
E
CVE-2022-2685 SourceCodester Interview Management System addQuestion.php cross site scripting
E
CVE-2022-2686 oretnom23 Fast Food Ordering System Menu List Page cross site scripting
E
CVE-2022-2687 SourceCodester Gym Management System sql injection
E
CVE-2022-2688 SourceCodester Expense Management System POST Parameter report.php fetch_report_credit sql injection
CVE-2022-2689 SourceCodester Wedding Hall Booking System Contact Page cross site scripting
E
CVE-2022-2690 SourceCodester Wedding Hall Booking System Booking Form cross site scripting
E
CVE-2022-2691 SourceCodester Wedding Hall Booking System Profile Page cross site scripting
E
CVE-2022-2692 SourceCodester Wedding Hall Booking System Staff User Profile cross site scripting
E
CVE-2022-2693 SourceCodester Electronic Medical Records System UPDATE Statement register.php sql injection
E
CVE-2022-2694 SourceCodester Company Website CMS unrestricted upload
E
CVE-2022-2695 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption'
CVE-2022-2696 The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to...
S
CVE-2022-2697 SourceCodester Simple E-Learning System comment_frame.php sql injection
E
CVE-2022-2698 SourceCodester Simple E-Learning System search.php sql injection
E
CVE-2022-2699 SourceCodester Simple E-Learning System claire_blake sql injection
E
CVE-2022-2700 SourceCodester Gym Management System GET Parameter sql injection
E
CVE-2022-2701 SourceCodester Simple E-Learning System claire_blake cross site scripting
E
CVE-2022-2702 SourceCodester Company Website CMS Cookie site-settings.php access control
E
CVE-2022-2703 SourceCodester Gym Management System Exercises Module sql injection
E
CVE-2022-2704 SourceCodester Simple E-Learning System downloadFiles.php information disclosure
E
CVE-2022-2705 SourceCodester Simple Student Information System manage_department.php sql injection
E
CVE-2022-2706 SourceCodester Online Class and Exam Scheduling System class_sched.php sql injection
E
CVE-2022-2707 SourceCodester Online Class and Exam Scheduling System faculty_sched.php sql injection
E
CVE-2022-2708 SourceCodester Gym Management System login.php sql injection
CVE-2022-2709 Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2710 Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting
E S
CVE-2022-2711 WP All Import < 3.6.9 - Admin+ Directory traversal via file upload
E
CVE-2022-2712 In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal be...
CVE-2022-2713 Insufficient Session Expiration in cockpit-hq/cockpit
E S
CVE-2022-2714 Improper Handling of Length Parameter Inconsistency in francoisjacquet/rosariosis
S
CVE-2022-2715 SourceCodester Employee Management System eloginwel.php sql injection
E
CVE-2022-2716 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor
CVE-2022-2717 The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerabl...
S
CVE-2022-2718 The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerabl...
S
CVE-2022-2719 In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was mad...
S
CVE-2022-2720 In affected versions of Octopus Server it was identified that when a sensitive value is a substring ...
CVE-2022-2721 In affected versions of Octopus Server it is possible for target discovery to print certain values m...
CVE-2022-2722 SourceCodester Simple Student Information System manage_course.php sql injection
E
CVE-2022-2723 SourceCodester Employee Management System eprocess.php sql injection
E
CVE-2022-2724 SourceCodester Employee Management System aprocess.php sql injection
E
CVE-2022-2725 SourceCodester Company Website CMS add-blog.php cross site scripting
CVE-2022-2726 SEMCMS Ant_Check.php sql injection
CVE-2022-2727 SourceCodester Gym Management System login.php sql injection
E
CVE-2022-2728 SourceCodester Gym Management System index.php sql injection
E
CVE-2022-2729 Cross-site Scripting (XSS) - DOM in openemr/openemr
E S
CVE-2022-2730 Authorization Bypass Through User-Controlled Key in openemr/openemr
E S
CVE-2022-2731 Cross-site Scripting (XSS) - Reflected in openemr/openemr
E S
CVE-2022-2732 Missing Authorization in openemr/openemr
E S
CVE-2022-2733 Cross-site Scripting (XSS) - Reflected in openemr/openemr
E S
CVE-2022-2734 Improper Restriction of Rendered UI Layers or Frames in openemr/openemr
E S
CVE-2022-2735 A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Un...
S
CVE-2022-2736 SourceCodester Company Website CMS Background Upload Logo Icon updatelogo.php unrestricted upload
CVE-2022-2737 WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2738 The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory ...
CVE-2022-2739 The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory ...
CVE-2022-2740 SourceCodester Company Website CMS Add Blog add-blog.php unrestricted upload
CVE-2022-2741 can: denial-of-service can be triggered by a crafted CAN frame
S
CVE-2022-2742 Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed ...
E
CVE-2022-2743 Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 a...
E
CVE-2022-2744 SourceCodester Gym Management System Background Management add_exercises.php unrestricted upload
CVE-2022-2745 SourceCodester Gym Management System Add New Trainer add_trainers.php sql injection
CVE-2022-2746 SourceCodester Simple Online Book Store System Admin_ add.php unrestricted upload
CVE-2022-2747 SourceCodester Simple Online Book Store book.php sql injection
CVE-2022-2748 SourceCodester Simple Online Book Store System edit.php cross site scripting
CVE-2022-2749 SourceCodester Gym Management System unrestricted upload
E
CVE-2022-2750 SourceCodester Company Website CMS Add Service add-service.php unrestricted upload
CVE-2022-2751 SourceCodester Company Website CMS add-portfolio.php unrestricted upload
CVE-2022-2752 Potential vulnerabilities in GM login process
CVE-2022-2753 Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS
E
CVE-2022-2754 Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi
E
CVE-2022-2756 Server-Side Request Forgery (SSRF) in kareadita/kavita
E S
CVE-2022-2757 Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS a...
M
CVE-2022-2758 Update
CVE-2022-2759 Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by imp...
S
CVE-2022-2760 In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user...
S
CVE-2022-2761 An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15...
CVE-2022-2762 AdminPad < 2.2 - Note Update via CSRF
E
CVE-2022-2763 WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2764 A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAS...
CVE-2022-2765 SourceCodester Company Website CMS settings improper authentication
E
CVE-2022-2766 SourceCodester Loan Management System index.php sql injection
E
CVE-2022-2767 SourceCodester Online Admission System index.php cross site scripting
E
CVE-2022-2768 SourceCodester Library Management System cross site scripting
CVE-2022-2769 SourceCodester Company Website CMS contact cross site scripting
CVE-2022-2770 SourceCodester Simple Online Book Store System book.php sql injection
CVE-2022-2771 SourceCodester Simple Online Book Store System bookPerPub.php sql injection
CVE-2022-2772 SourceCodester Apartment Visitor Management System action-visitor.php sql injection
CVE-2022-2773 SourceCodester Apartment Visitor Management System profile.php cross site scripting
CVE-2022-2774 SourceCodester Library Management System student.php sql injection
CVE-2022-2775 Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2776 SourceCodester Gym Management System delete_user.php denial of service
CVE-2022-2777 Cross-site Scripting (XSS) - Stored in microweber/microweber
E S
CVE-2022-2778 In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null by...
S
CVE-2022-2779 SourceCodester Gas Agency Management System oneWord.php unrestricted upload
E
CVE-2022-2780 In affected versions of Octopus Server it is possible to use the Git Connectivity test function on t...
CVE-2022-2781 In affected versions of Octopus Server it was identified that the same encryption process was used f...
CVE-2022-2782 In affected versions of Octopus Server it is possible for a session token to be valid indefinitely d...
CVE-2022-2783 In affected versions of Octopus Server it was identified that a session cookie could be used as the ...
CVE-2022-2785 Arbitrary Memory read in BPF Linux Kernel
S
CVE-2022-2787 stricter rules on chroot names
S
CVE-2022-2788 Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Trave...
M
CVE-2022-2789 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insuffici...
CVE-2022-2790 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper ...
CVE-2022-2791 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestric...
CVE-2022-2792 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper ...
CVE-2022-2793 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing S...
CVE-2022-2794 Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack....
CVE-2022-2795 Processing large delegations may severely degrade resolver performance
S
CVE-2022-2796 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
E S
CVE-2022-2797 SourceCodester Student Information System view_student.php sql injection
CVE-2022-2798 Affiliates Manager < 2.9.14 - Affiliate CSV Injection
E
CVE-2022-2799 Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2800 SourceCodester Gym Management System clickjacking
E
CVE-2022-2801 SourceCodester Automated Beer Parlour Billing System Login sql injection
CVE-2022-2802 SourceCodester Gas Agency Management System login.php sql injection
CVE-2022-2803 SourceCodester Zoo Management System animals.php sql injection
E
CVE-2022-2804 SourceCodester Zoo Management System apply_vacancy.php unrestricted upload
E
CVE-2022-2805 A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file ...
CVE-2022-2806 It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixe...
S
CVE-2022-2807 SQL Injection in Prens Student Information System
S
CVE-2022-2808 IDOR in Prens Student Information System
S
CVE-2022-2809 Unauthenticated out of bounds heap write in bmcweb
S
CVE-2022-2811 SourceCodester Guest Management System myform.php cross site scripting
E
CVE-2022-2812 SourceCodester Guest Management System index.php sql injection
E
CVE-2022-2813 SourceCodester Guest Management System cleartext storage
CVE-2022-2814 SourceCodester Simple and Nice Shopping Cart Script login.php cross site scripting
E
CVE-2022-2815 Insecure Storage of Sensitive Information in publify/publify
E S
CVE-2022-2816 Out-of-bounds Read in vim/vim
E S
CVE-2022-2817 Use After Free in vim/vim
E S
CVE-2022-2818 Improper Removal of Sensitive Information Before Storage or Transfer in cockpit-hq/cockpit
E S
CVE-2022-2819 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2820 Session Fixation in namelessmc/nameless
E S
CVE-2022-2821 Missing Critical Step in Authentication in namelessmc/nameless
E S
CVE-2022-2822 Authentication Bypass by Primary Weakness in octoprint/octoprint
E S
CVE-2022-2823 Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting
E
CVE-2022-2824 Authorization Bypass Through User-Controlled Key in openemr/openemr
E S
CVE-2022-2825 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ke...
CVE-2022-2826 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all ...
CVE-2022-2827 AMI MegaRAC User Enumeration Vulnerability
S
CVE-2022-2828 In affected versions of Octopus Server it is possible to reveal information about teams via the API ...
CVE-2022-2829 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
E S
CVE-2022-2830 Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573)
S
CVE-2022-2831 A flaw was found in Blender 3.3.0. An integer overflow in source/blender/blendthumb/src/blendthumb_...
E S
CVE-2022-2832 A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl...
E S
CVE-2022-2833 Endless Infinite loop in Blender-thumbnailing due to logical bugs....
E S
CVE-2022-2834 Helpful < 4.5.26 - Information Disclosure
E
CVE-2022-2835 A flaw was found in coreDNS. This flaw allows a malicious user to reroute internal calls to some int...
CVE-2022-2837 A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for exte...
M
CVE-2022-2838 In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling proces...
CVE-2022-2839 Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS
E
CVE-2022-2840 Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi
E S
CVE-2022-2841 CrowdStrike Falcon Uninstallation authorization
E
CVE-2022-2842 SourceCodester Gym Management System login.php sql injection
E
CVE-2022-2843 MotoPress Timetable and Event Schedule Quick Edit admin-ajax.php cross site scripting
CVE-2022-2844 MotoPress Timetable and Event Schedule Calendar cross site scripting
CVE-2022-2845 Improper Validation of Specified Quantity in Input in vim/vim
E S
CVE-2022-2846 Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
E
CVE-2022-2847 SourceCodester Guest Management System front.php sql injection
E
CVE-2022-2848 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ke...
CVE-2022-2849 Heap-based Buffer Overflow in vim/vim
E S
CVE-2022-2850 A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticate...
E
CVE-2022-2852 Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potent...
CVE-2022-2853 Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remo...
S
CVE-2022-2854 Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to ...
S
CVE-2022-2855 Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potent...
S
CVE-2022-2856 Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.511...
KEV E S
CVE-2022-2857 Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potent...
S
CVE-2022-2858 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to...
S
CVE-2022-2859 Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker...
S
CVE-2022-2860 Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote...
S
CVE-2022-2861 Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an a...
S
CVE-2022-2862 Use After Free in vim/vim
E S
CVE-2022-2863 WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read
E S
CVE-2022-2864 The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi...
S
CVE-2022-2865 A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1....
CVE-2022-2866 FATEK Automation FvDesigner Out-of-bounds Write
M
CVE-2022-2867 libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. A...
S
CVE-2022-2868 libtiff's tiffcrop utility has an improper input validation flaw that can lead to out of bounds read ...
S
CVE-2022-2869 libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the ...
S
CVE-2022-2870 laravel deserialization
E
CVE-2022-2871 Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp
E S
CVE-2022-2872 Unrestricted Upload of File with Dangerous Type in octoprint/octoprint
E S
CVE-2022-2873 An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller...
CVE-2022-2874 NULL Pointer Dereference in vim/vim
E S
CVE-2022-2876 SourceCodester Student Management System index.php sql injection
E
CVE-2022-2877 Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing
E
CVE-2022-2879 Unbounded memory consumption when reading headers in archive/tar
S
CVE-2022-2880 Incorrect sanitization of forwarded query parameters in net/http/httputil
E S
CVE-2022-2881 Buffer overread in statistics channel code
S
CVE-2022-2882 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5...
CVE-2022-2883 In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which resul...
CVE-2022-2884 A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, ...
CVE-2022-2885 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
E S
CVE-2022-2886 Laravel deserialization
E
CVE-2022-2887 WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2888 Insufficient Session Expiration in octoprint/octoprint
E S
CVE-2022-2889 Use After Free in vim/vim
E S
CVE-2022-2890 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
E S
CVE-2022-2891 WP 2FA < 2.3.0 - Time-Based Side-Channel Attack
E
CVE-2022-2892 Measuresoft ScadaPro Server Out-of-bounds Write
S
CVE-2022-2893 RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an un...
S
CVE-2022-2894 Measuresoft ScadaPro Server Untrusted Pointer Dereference
CVE-2022-2895 Measuresoft ScadaPro Server Stack-based Buffer Overflow
CVE-2022-2896 Measuresoft ScadaPro Server Use After Free
CVE-2022-2897 Measuresoft ScadaPro Server and Client Link Following
CVE-2022-2898 Measuresoft ScadaPro Server and Client Link Following
CVE-2022-2900 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
E S
CVE-2022-2901 Improper Authorization in chatwoot/chatwoot
E S
CVE-2022-2903 NinjaForms < 3.6.13 - Admin+ PHP Objection Injection
E S
CVE-2022-2904 A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting fro...
CVE-2022-2905 An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls ...
E S
CVE-2022-2906 Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)
S
CVE-2022-2907 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6...
CVE-2022-2908 A potential DoS vulnerability was discovered in GitLab CE/EE versions starting from 10.7 before 15.1...
CVE-2022-2909 SourceCodester Simple and Nice Shopping Cart Script profile.php unrestricted upload
E
CVE-2022-2912 Craw Data <= 1.0.0 - Server Side Request Forgery
E
CVE-2022-2913 Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass
E S
CVE-2022-2915 A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authent...
CVE-2022-2921 Exposure of Private Personal Information to an Unauthorized Actor in notrinos/notrinoserp
E S
CVE-2022-2922 Relative Path Traversal in dnnsoftware/dnn.platform
E S
CVE-2022-2923 NULL Pointer Dereference in vim/vim
E S
CVE-2022-2924 Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
E S
CVE-2022-2925 Cross-site Scripting (XSS) - Stored in appwrite/appwrite
E S
CVE-2022-2926 Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
E
CVE-2022-2927 Weak Password Requirements in notrinos/notrinoserp
E S
CVE-2022-2928 An option refcount overflow exists in dhcpd
S
CVE-2022-2929 DHCP memory leak
S
CVE-2022-2930 Unverified Password Change in octoprint/octoprint
E S
CVE-2022-2931 A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, a...
CVE-2022-2932 Cross-site Scripting (XSS) - Reflected in bustle/mobiledoc-kit
E S
CVE-2022-2933 The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to...
E
CVE-2022-2934 Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL
CVE-2022-2935 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL
S
CVE-2022-2936 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link
S
CVE-2022-2937 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Title & Description
S
CVE-2022-2938 A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the featu...
S
CVE-2022-2939 WP Cerber Security <= 9.0 - User Enumeration Bypass
S
CVE-2022-2941 The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in v...
E S
CVE-2022-2943 The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file ...
E
CVE-2022-2945 The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Directory Trave...
E
CVE-2022-2946 Use After Free in vim/vim
E S
CVE-2022-2947 Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but ...
S
CVE-2022-2948 GE CIMPLICITY Heap-based Buffer Overflow
S
CVE-2022-2949 Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized...
S
CVE-2022-2950 Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized...
S
CVE-2022-2951 Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of a...
S
CVE-2022-2952 GE CIMPLICITY Access of Uninitialized Pointer
S
CVE-2022-2953 LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing at...
E S
CVE-2022-2956 ConsoleTVs Noxen users.php cross site scripting
E
CVE-2022-2957 SourceCodester Simple and Nice Shopping Cart Script profile.php sql injection
E
CVE-2022-2958 BadgeOS < 3.7.1.3 - Subscriber+ SQLi
E S
CVE-2022-2959 A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ri...
S
CVE-2022-2961 A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user trigg...
CVE-2022-2962 A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes t...
E S
CVE-2022-2963 A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in...
E S
CVE-2022-2964 A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Et...
S
CVE-2022-2965 Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp
E S
CVE-2022-2966 Delta Electronics DOPSoft Out-of-bounds Read
CVE-2022-2967 Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 an...
S
CVE-2022-2969 ICSA-22-307-03 Delta Industrial Automation DIALink Path traversal
S
CVE-2022-2970 MZ Automation libIEC61850 Stack-Based Buffer Overflow
CVE-2022-2971 MZ Automation libIEC61850 Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2022-2972 MZ Automation libIEC61850 Stack-Based Buffer Overflow
CVE-2022-2973 MZ Automation libIEC61850 NULL Pointer Dereference
CVE-2022-2975 Avaya Aura Application Enablement Services weak permissions in web application
CVE-2022-2977 A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system ...
S
CVE-2022-2978 A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers funct...
CVE-2022-2979 Omron CX-Programmer
S
CVE-2022-2980 NULL Pointer Dereference in vim/vim
E S
CVE-2022-2981 Download Monitor < 4.5.98 - Admin+ Arbitrary File Download
E
CVE-2022-2982 Use After Free in vim/vim
E S
CVE-2022-2983 Salat Times < 3.2.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2022-2984 In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lea...
CVE-2022-2985 In music service, there is a missing permission check. This could lead to elevation of privilege in ...
CVE-2022-2986 Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF...
S
CVE-2022-2987 Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass
E
CVE-2022-2988 A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage w...
CVE-2022-2989 An incorrect handling of the supplementary groups in the Podman container engine might lead to the s...
E S
CVE-2022-2990 An incorrect handling of the supplementary groups in the Buildah container engine might lead to the ...
E S
CVE-2022-2991 A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results f...
S
CVE-2022-2992 A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 1...
CVE-2022-2993 bt: host: Wrong key validation check
M
CVE-2022-2995 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive...
E S
CVE-2022-2996 A flaw was found in the python-scciclient when making an HTTPS connection to a server where the serv...
S
CVE-2022-2997 Session Fixation in snipe/snipe-it
E S
CVE-2022-2998 Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacke...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.