ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-3000 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm | E S | |
CVE-2022-3001 | Vulnerability in Milesight Video Management Systems (VMS) | S | |
CVE-2022-3002 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm | E S | |
CVE-2022-3004 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm | E S | |
CVE-2022-3005 | Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm | E S | |
CVE-2022-3007 | Unauthorized Access Vulnerability in Syska SW100 Smartwatch | S | |
CVE-2022-3008 | Command Injection on tinygltf | E S | |
CVE-2022-3010 | Predictable SSH credentials in Priva TopControl Suite | S | |
CVE-2022-3012 | oretnom23 Fast Food Ordering System index.php sql injection | E | |
CVE-2022-3013 | SourceCodester Simple Task Managing System loginVaLidation.php sql injection | | |
CVE-2022-3014 | SourceCodester Simple Task Managing System cross site scripting | E | |
CVE-2022-3015 | oretnom23 Fast Food Ordering System cross site scripting | | |
CVE-2022-3016 | Use After Free in vim/vim | E S | |
CVE-2022-3017 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor | E S | |
CVE-2022-3018 | An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 bef... | | |
CVE-2022-3019 | Improper Access Control in tooljet/tooljet | E S | |
CVE-2022-3021 | Slickr Flickr <= 2.8.1 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3022 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco... | R | |
CVE-2022-3023 | Use of Externally-Controlled Format String in pingcap/tidb | S | |
CVE-2022-3024 | Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS | E | |
CVE-2022-3025 | Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF | E | |
CVE-2022-3026 | The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and inc... | E | |
CVE-2022-3027 | Contec Health CMS8000 | M | |
CVE-2022-3028 | A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsyst... | S | |
CVE-2022-3029 | Fatal error on incorrect base64 data in RRDP | | |
CVE-2022-3030 | An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all ... | | |
CVE-2022-3031 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions star... | | |
CVE-2022-3032 | When receiving an HTML email that contained an iframe element, which used a srcdo... | | |
CVE-2022-3033 | If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the <... | | |
CVE-2022-3034 | When receiving an HTML email that specified to load an iframe element from a remote loc... | | |
CVE-2022-3035 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | E S | |
CVE-2022-3036 | Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3037 | Use After Free in vim/vim | E S | |
CVE-2022-3038 | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker ... | KEV E | |
CVE-2022-3039 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potent... | | |
CVE-2022-3040 | Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potent... | | |
CVE-2022-3041 | Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potent... | | |
CVE-2022-3042 | Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote att... | S | |
CVE-2022-3043 | Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed ... | S | |
CVE-2022-3044 | Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a rem... | S | |
CVE-2022-3045 | Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a r... | S | |
CVE-2022-3046 | Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convin... | | |
CVE-2022-3047 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an... | S | |
CVE-2022-3048 | Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.51... | | |
CVE-2022-3049 | Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a... | | |
CVE-2022-3050 | Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote ... | | |
CVE-2022-3051 | Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allow... | | |
CVE-2022-3052 | Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 ... | | |
CVE-2022-3053 | Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed ... | | |
CVE-2022-3054 | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote... | S | |
CVE-2022-3055 | Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who co... | S | |
CVE-2022-3056 | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 a... | S | |
CVE-2022-3057 | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a rem... | S | |
CVE-2022-3058 | Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who... | S | |
CVE-2022-3059 | SQL injection in Schoolbox version 21.0.2, by Schoolbox Pty Ltd | | |
CVE-2022-3060 | Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions f... | | |
CVE-2022-3061 | A flaw was found in the Linux kernel i740 driver. A userspace program could pass any values to the drive... | S | |
CVE-2022-3062 | Simple File List < 4.4.12 - Reflected Cross-Site Scripting | E S | |
CVE-2022-3063 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco... | R | |
CVE-2022-3064 | Excessive resource consumption in gopkg.in/yaml.v2 | S | |
CVE-2022-3065 | Improper Access Control in jgraph/drawio | E S | |
CVE-2022-3066 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all ... | | |
CVE-2022-3067 | An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions star... | | |
CVE-2022-3068 | Improper Privilege Management in octoprint/octoprint | E S | |
CVE-2022-3069 | Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3070 | Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting | E S | |
CVE-2022-3071 | Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a r... | | |
CVE-2022-3072 | Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis | E S | |
CVE-2022-3073 | Quanos Schema ST4 example templates prone to XSS | | |
CVE-2022-3074 | Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting | E S | |
CVE-2022-3075 | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attac... | KEV | |
CVE-2022-3076 | CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload | E S | |
CVE-2022-3077 | A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller dri... | S | |
CVE-2022-3078 | An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling... | S | |
CVE-2022-3079 | Festo: CPX-CEC-C1 and CMXX, Missing Authentication for Critical Webpage Function | M | |
CVE-2022-3080 | BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly | S | |
CVE-2022-3082 | miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling | E | |
CVE-2022-3083 | All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Vali... | S | |
CVE-2022-3084 | GE CIMPLICITY Access of Uninitialized Pointer | S | |
CVE-2022-3085 | Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to a stack-based b... | S | |
CVE-2022-3086 | Cradlepoint IBR600 Command Injection | S | |
CVE-2022-3087 | Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bound... | S | |
CVE-2022-3088 | UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-... | S | |
CVE-2022-3089 | EnOcean SmartServer Hard-coded credentials | S | |
CVE-2022-3090 | Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, a... | | |
CVE-2022-3091 | RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users ... | S | |
CVE-2022-3092 | GE CIMPLICITY Out-of-bounds Write | S | |
CVE-2022-3093 | This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. A... | | |
CVE-2022-3094 | An UPDATE message flood may cause named to exhaust all available memory | S | |
CVE-2022-3095 | Incorrect parsing of the backslash characters in Dart library | | |
CVE-2022-3096 | WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS | E | |
CVE-2022-3097 | LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF | E | |
CVE-2022-3098 | Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF | E | |
CVE-2022-3099 | Use After Free in vim/vim | E S | |
CVE-2022-3100 | A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via ... | | |
CVE-2022-3101 | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a ... | | |
CVE-2022-3103 | off-by-one in io_uring module.... | | |
CVE-2022-3104 | An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkd... | S | |
CVE-2022-3105 | An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/co... | S | |
CVE-2022-3106 | An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethe... | S | |
CVE-2022-3107 | An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/ne... | S | |
CVE-2022-3108 | An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gp... | S | |
CVE-2022-3109 | An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks chec... | S | |
CVE-2022-3110 | An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging... | S | |
CVE-2022-3111 | An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/su... | S | |
CVE-2022-3112 | An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging... | S | |
CVE-2022-3113 | An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/medi... | S | |
CVE-2022-3114 | An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/cl... | S | |
CVE-2022-3115 | An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/a... | S | |
CVE-2022-3116 | The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. An attac... | | |
CVE-2022-3117 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-3118 | Sourcecodehero ERP System Project processlogin.php sql injection | E | |
CVE-2022-3119 | OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass | E | |
CVE-2022-3120 | SourceCodester Clinics Patient Management System Login index.php sql injection | | |
CVE-2022-3121 | SourceCodester Online Employee Leave Management System addemployee.php cross-site request forgery | | |
CVE-2022-3122 | SourceCodester Clinics Patient Management System medicine_details.php sql injection | | |
CVE-2022-3123 | Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki | E S | |
CVE-2022-3124 | Frontend File Manager < 21.3 - Unauthenticated File Renaming | E | |
CVE-2022-3125 | Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload | E | |
CVE-2022-3126 | Frontend File Manager < 21.4 - File Upload via CSRF | E | |
CVE-2022-3127 | Cross-site Scripting (XSS) - Stored in jgraph/drawio | E S | |
CVE-2022-3128 | Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3129 | codeprojects Online Driving School registration.php unrestricted upload | E | |
CVE-2022-3130 | codeprojects Online Driving School login.php sql injection | E | |
CVE-2022-3131 | Search Logger <= 0.9 - Admin+ SQLi | E | |
CVE-2022-3132 | Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3133 | OS Command Injection in jgraph/drawio | E S | |
CVE-2022-3134 | Use After Free in vim/vim | E S | |
CVE-2022-3135 | SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3136 | Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3137 | TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload | E | |
CVE-2022-3138 | Cross-site Scripting (XSS) - Generic in jgraph/drawio | E S | |
CVE-2022-3139 | We’re Open! < 1.42 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3140 | Macro URL arbitrary script execution | | |
CVE-2022-3141 | Translatepress Multilingual < 2.3.3 - Admin+ SQLi | E | |
CVE-2022-3142 | NEX-Forms < 7.9.7 - Authenticated SQLi | E | |
CVE-2022-3143 | wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-e... | | |
CVE-2022-3144 | The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-... | S | |
CVE-2022-3145 | An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an att... | | |
CVE-2022-3146 | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a ... | | |
CVE-2022-3147 | Server-side Denial of Service while processing a specifically crafted JPEG file | S | |
CVE-2022-3148 | Cross-site Scripting (XSS) - Generic in jgraph/drawio | E S | |
CVE-2022-3149 | WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF | E | |
CVE-2022-3150 | WP Custom Cursors < 3.2 - Admin+ SQLi | E | |
CVE-2022-3151 | WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF | E | |
CVE-2022-3152 | Unverified Password Change in phpfusion/phpfusion | E S | |
CVE-2022-3153 | NULL Pointer Dereference in vim/vim | E S | |
CVE-2022-3154 | Multiple Plugins from Viszt Peter - Multiple CSRF | E | |
CVE-2022-3155 | When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.qua... | | |
CVE-2022-3156 | Rockwell Automation Studio 5000 Logix Emulate Vulnerable to a Remote Code Execution Vulnerability | | |
CVE-2022-3157 | Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack | | |
CVE-2022-3158 | Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to ... | | |
CVE-2022-3159 | The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while pa... | S | |
CVE-2022-3160 | The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsin... | S | |
CVE-2022-3161 | The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF file... | S | |
CVE-2022-3162 | Unauthorized read of Custom Resources | | |
CVE-2022-3165 | An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages ... | S | |
CVE-2022-3166 | MicroLogix 1100 & 1400 Product Web Server Application Vulnerable to Denial-Of-Service Condition Attack | | |
CVE-2022-3167 | Improper Restriction of Rendered UI Layers or Frames in ikus060/rdiffweb | E S | |
CVE-2022-3168 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-3169 | A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive r... | | |
CVE-2022-3170 | An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the... | S | |
CVE-2022-3171 | Memory handling vulnerability in ProtocolBuffers Java core and lite | | |
CVE-2022-3172 | Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF) | | |
CVE-2022-3173 | Improper Authentication in snipe/snipe-it | E S | |
CVE-2022-3174 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb | E S | |
CVE-2022-3175 | Missing Custom Error Page in ikus060/rdiffweb | E S | |
CVE-2022-3176 | Use-after-free in io_uring in Linux Kernel | S | |
CVE-2022-3178 | Buffer Over-read in gpac/gpac | E S | |
CVE-2022-3179 | Weak Password Requirements in ikus060/rdiffweb | E S | |
CVE-2022-3180 | WPGateway <= 3.5 - Unauthenticated Privilege Escalation | | |
CVE-2022-3181 | An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A ... | S | |
CVE-2022-3182 | Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manage... | | |
CVE-2022-3183 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific func... | S | |
CVE-2022-3184 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s ex... | S | |
CVE-2022-3185 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected pr... | S | |
CVE-2022-3186 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected pr... | S | |
CVE-2022-3187 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pag... | S | |
CVE-2022-3188 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated... | S | |
CVE-2022-3189 | Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially cra... | S | |
CVE-2022-3190 | Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to... | E | |
CVE-2022-3191 | Information Exposure Vulnerability in Hitachi Ops Center Analyzer | | |
CVE-2022-3192 | Improper Check for Unusual or Exceptional Conditions | M | |
CVE-2022-3193 | An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. ... | | |
CVE-2022-3194 | Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting | E | |
CVE-2022-3195 | Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to... | S | |
CVE-2022-3196 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentia... | | |
CVE-2022-3197 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentia... | | |
CVE-2022-3198 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentia... | | |
CVE-2022-3199 | Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to poten... | | |
CVE-2022-3200 | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker... | | |
CVE-2022-3201 | Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.... | | |
CVE-2022-3202 | A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Lin... | S | |
CVE-2022-3203 | ORing net IAP-420(+) Hidden Functionality | E M | |
CVE-2022-3204 | NRDelegation Attack | | |
CVE-2022-3205 | Controller: cross site scripting in automation controller ui | | |
CVE-2022-3206 | Passster < 3.5.5.5.2 - Insecure Storage of Password | E | |
CVE-2022-3207 | Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3208 | Simple File List < 4.4.13 - Page Creation via CSRF | E | |
CVE-2022-3209 | Soledad < 8.2.5 - Reflected Cross-site Scripting | E | |
CVE-2022-3210 | This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected insta... | S | |
CVE-2022-3211 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore | E S | |
CVE-2022-3212 | DoS in axum-core due to missing request size limit | E S | |
CVE-2022-3213 | A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIF... | S | |
CVE-2022-3214 | Delta Electronics DIAEnergy Use of Hard-coded Credentials | S | |
CVE-2022-3215 | NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injec... | | |
CVE-2022-3216 | Nintendo Game Boy Color Mobile Adapter GB Tetsuji memory corruption | E | |
CVE-2022-3217 | When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initia... | E | |
CVE-2022-3218 | Necta WiFi Mouse (Mouse Server) client-side authentication bypass | E S | |
CVE-2022-3219 | GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with th... | S | |
CVE-2022-3220 | Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS | E | |
CVE-2022-3221 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb | E S | |
CVE-2022-3222 | Uncontrolled Recursion in gpac/gpac | E S | |
CVE-2022-3223 | Cross-site Scripting (XSS) - Stored in jgraph/drawio | E S | |
CVE-2022-3224 | Misinterpretation of Input in ionicabizau/parse-url | E S | |
CVE-2022-3225 | Improper Control of Dynamically-Managed Code Resources in budibase/budibase | E S | |
CVE-2022-3226 | An OS command injection vulnerability allows admins to execute code via SSL VPN configuration upload... | | |
CVE-2022-3228 | Using custom code, an attacker can write into name or description fields larger than the appropriate... | M | |
CVE-2022-3229 | Because the web management interface for Unified Intents' Unified Remote solution does not itself re... | E S | |
CVE-2022-3231 | Cross-site Scripting (XSS) - Stored in librenms/librenms | E S | |
CVE-2022-3232 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb | E S | |
CVE-2022-3233 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb | E S | |
CVE-2022-3234 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2022-3235 | Use After Free in vim/vim | E S | |
CVE-2022-3236 | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute c... | KEV | |
CVE-2022-3237 | WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3238 | A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount an... | | |
CVE-2022-3239 | A use-after-free flaw in the Linux kernel video4linux driver was found in the way a user triggers em28... | S | |
CVE-2022-3240 | The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions ... | E | |
CVE-2022-3241 | Build App Online < 1.0.19 - Unauthenticated SQL Injection | E | |
CVE-2022-3242 | HTML code Injection in template search keyword in microweber/microweber | E S | |
CVE-2022-3243 | Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi | E | |
CVE-2022-3244 | Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation | E | |
CVE-2022-3245 | Code Injection in display of tag title on saving tags in microweber/microweber | E S | |
CVE-2022-3246 | Blog2Social < 6.9.10 - Subscriber+ SQLi | E | |
CVE-2022-3247 | Blog2Social < 6.9.10 - Subscriber+ SSRF | E | |
CVE-2022-3248 | Openshift API admission checks do not enforce "custom-host" permissions | | |
CVE-2022-3249 | WP CSV Exporter < 1.3.7 - Admin+ SQLi | E | |
CVE-2022-3250 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb | E S | |
CVE-2022-3251 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca | E S | |
CVE-2022-3252 | Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers fo... | | |
CVE-2022-3254 | AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi | E | |
CVE-2022-3255 | Cross-site Scripting (XSS) - Reflected in pimcore/pimcore | E S | |
CVE-2022-3256 | Use After Free in vim/vim | E S | |
CVE-2022-3257 | Server-side Denial of Service while processing a specifically crafted GIF file | E S | |
CVE-2022-3258 | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on Wind... | | |
CVE-2022-3259 | Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (... | | |
CVE-2022-3260 | The response header has not enabled X-FRAME-OPTIONS, which helps prevent Clickjacking attac... | E | |
CVE-2022-3261 | Plain-text passwords saved in /var/log/messages | | |
CVE-2022-3262 | A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the ... | | |
CVE-2022-3263 | Measuresoft ScadaPro Server Improper Access Control | M | |
CVE-2022-3265 | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.... | | |
CVE-2022-3266 | An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable ... | | |
CVE-2022-3267 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb | E S | |
CVE-2022-3268 | Weak Password Requirements in ikus060/minarca | E S | |
CVE-2022-3269 | Session Fixation in ikus060/rdiffweb | E S | |
CVE-2022-3270 | Incomplete Documentation of remote functions in FESTO products. | | |
CVE-2022-3272 | Improper Handling of Length Parameter Inconsistency in ikus060/rdiffweb | E S | |
CVE-2022-3273 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb | E S | |
CVE-2022-3274 | Cross-Site Request Forgery (CSRF) on user's settings in GitHub repository ikus060/rdiffweb prior to 2.4.6. in ikus060/rdiffweb | E S | |
CVE-2022-3275 | Puppetlabs-apt Command Injection | | |
CVE-2022-3276 | Puppetlabs-mysql Command Injection | | |
CVE-2022-3277 | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote ... | S | |
CVE-2022-3278 | NULL Pointer Dereference in vim/vim | E S | |
CVE-2022-3279 | An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15... | | |
CVE-2022-3280 | An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.... | | |
CVE-2022-3281 | WAGO: multiple products - Loss of MAC-Address-Filtering after reboot | M | |
CVE-2022-3282 | Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass | E | |
CVE-2022-3283 | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15... | E | |
CVE-2022-3284 | Insecure way of passing a download key | S | |
CVE-2022-3285 | Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 pri... | | |
CVE-2022-3286 | Lack of IP address checking in GitLab EE affecting all versions from 14.2 prior to 15.2.5, 15.3 prio... | | |
CVE-2022-3287 | When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated passw... | S | |
CVE-2022-3288 | A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15... | | |
CVE-2022-3290 | Improper Handling of Length Parameter Inconsistency in ikus060/rdiffweb | E S | |
CVE-2022-3291 | Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 ... | | |
CVE-2022-3292 | Use of Cache Containing Sensitive Information in ikus060/rdiffweb | E S | |
CVE-2022-3293 | Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15... | | |
CVE-2022-3294 | Node address isn't always verified when proxying | S | |
CVE-2022-3295 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb | E S | |
CVE-2022-3296 | Stack-based Buffer Overflow in vim/vim | E S | |
CVE-2022-3297 | Use After Free in vim/vim | E S | |
CVE-2022-3298 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb | E S | |
CVE-2022-3299 | Open5GS AMF client.c denial of service | E S | |
CVE-2022-3300 | Form Maker by 10Web < 1.15.6 - Admin+ SQLI | E | |
CVE-2022-3301 | Improper Cleanup on Thrown Exception in ikus060/rdiffweb | E S | |
CVE-2022-3302 | Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi | E | |
CVE-2022-3303 | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It coul... | E S | |
CVE-2022-3304 | Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potential... | | |
CVE-2022-3305 | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attack... | | |
CVE-2022-3306 | Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attack... | | |
CVE-2022-3307 | Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potenti... | | |
CVE-2022-3308 | Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a... | E | |
CVE-2022-3309 | Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote att... | E | |
CVE-2022-3310 | Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 al... | E | |
CVE-2022-3311 | Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had c... | | |
CVE-2022-3312 | Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.6... | | |
CVE-2022-3313 | Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attack... | | |
CVE-2022-3314 | Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had ... | | |
CVE-2022-3315 | Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potenti... | | |
CVE-2022-3316 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 ... | E | |
CVE-2022-3317 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.524... | E | |
CVE-2022-3318 | Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed... | E | |
CVE-2022-3320 | Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command | S | |
CVE-2022-3321 | Lock WARP switch feature bypass on WARP mobile client for iOS | S | |
CVE-2022-3322 | Lock WARP switch bypass on WARP mobile client using iOS quick action | S | |
CVE-2022-3323 | An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the C... | E | |
CVE-2022-3324 | Stack-based Buffer Overflow in vim/vim | E S | |
CVE-2022-3325 | Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.... | | |
CVE-2022-3326 | Weak Password Requirements in ikus060/rdiffweb | E S | |
CVE-2022-3327 | Missing Authentication for Critical Function in ikus060/rdiffweb | S | |
CVE-2022-3328 | Race condition in snap-confine's must_mkdir_and_open_with_perms()... | | |
CVE-2022-3330 | It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affec... | | |
CVE-2022-3331 | An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, a... | E | |
CVE-2022-3332 | SourceCodester Food Ordering Management System POST Parameter router.php sql injection | E | |
CVE-2022-3333 | Zephyr Project Manager REST Call cross site scripting | E S | |
CVE-2022-3334 | Easy WP SMTP < 1.5.0 - Admin+ PHP Object Injection | E | |
CVE-2022-3335 | Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Object Injection | E | |
CVE-2022-3336 | Event Monster < 1.2.0 - Visitors Deletion via CSRF | E | |
CVE-2022-3337 | Lock WARP switch bypass by removing VPN profile on iOS mobile client | S | |
CVE-2022-3338 | XXE in Trellix ePO server | | |
CVE-2022-3339 | Reflected XSS in Trellix ePO server | | |
CVE-2022-3340 | Trellix IPS Manager vulnerable to XXE | S | |
CVE-2022-3341 | A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of liba... | S | |
CVE-2022-3342 | The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ p... | S | |
CVE-2022-3343 | WPQA < 5.9.3 - Missing validation leads to functionality abuse | E | |
CVE-2022-3344 | A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely ... | S | |
CVE-2022-3346 | Incorrect DNSSEC validation due to unchecked owner names in github.com/peterzen/goresolver | | |
CVE-2022-3347 | Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver | | |
CVE-2022-3348 | Exposure of Sensitive Information to an Unauthorized Actor in tooljet/tooljet | E S | |
CVE-2022-3349 | Sony PS4/PS5 exFAT UVFAT_readupcasetable heap-based overflow | E | |
CVE-2022-3350 | Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3351 | An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, a... | | |
CVE-2022-3352 | Use After Free in vim/vim | E S | |
CVE-2022-3353 | IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products | S | |
CVE-2022-3354 | Open5GS UDP Packet ogs-tlv-msg.c denial of service | E | |
CVE-2022-3355 | Cross-site Scripting (XSS) - Stored in inventree/inventree | E S | |
CVE-2022-3357 | Smart Slider 3 < 3.5.1.11 - PHP Object Injection | E | |
CVE-2022-3358 | Using a Custom Cipher with NID_undef may lead to NULL encryption | | |
CVE-2022-3359 | Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Object Injection | E | |
CVE-2022-3360 | LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API | E | |
CVE-2022-3361 | The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and... | E S | |
CVE-2022-3362 | Insufficient Session Expiration in ikus060/rdiffweb | E S | |
CVE-2022-3363 | Business Logic Errors in ikus060/rdiffweb | S | |
CVE-2022-3364 | No limit in length of "Fullname" parameter results in DoS attack / memory corruption in ikus060/rdiffweb prior to 2.5.0a3 | E S | |
CVE-2022-3365 | Emote Interactive Remote Mouse Server command injection due to weak encoding | E | |
CVE-2022-3366 | PublishPress Capabilities < 2.5.2 - Admin+ PHP Object Injection | E | |
CVE-2022-3368 | Software Updater of Avira Security for Windows vulnerable to Privilege Escalation | | |
CVE-2022-3369 | Improper handling of registry symbolic links in Bitdefender Engines | S | |
CVE-2022-3370 | Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker ... | | |
CVE-2022-3371 | No limit in length of "Token name" parameter results in DoS attack / memory corruption in ikus060/rdiffweb prior to 2.5.0a3 | E S | |
CVE-2022-3372 | Cross-Site Request Forgery (CSRF) in Riello UPS Netman-204 | | |
CVE-2022-3373 | Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perfo... | | |
CVE-2022-3374 | Ocean Extra < 2.0.5 - Admin+ PHP Object Injection | E | |
CVE-2022-3375 | An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all... | | |
CVE-2022-3376 | Weak Password Requirements in ikus060/rdiffweb | E S | |
CVE-2022-3377 | Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data... | S | |
CVE-2022-3378 | Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied dat... | | |
CVE-2022-3379 | Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data... | | |
CVE-2022-3380 | Customizer Export/Import < 0.9.5 - Admin+ PHP Object Injection | E | |
CVE-2022-3381 | An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 pri... | | |
CVE-2022-3382 | HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command sou... | | |
CVE-2022-3383 | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, a... | E S | |
CVE-2022-3384 | The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, a... | E S | |
CVE-2022-3385 | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An un... | M | |
CVE-2022-3386 | Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An un... | M | |
CVE-2022-3387 | Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthori... | M | |
CVE-2022-3388 | Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products | S | |
CVE-2022-3389 | Path Traversal in ikus060/rdiffweb | E S | |
CVE-2022-3391 | Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3392 | WP Humans.txt <= 1.0.6 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3393 | Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection | E | |
CVE-2022-3394 | WP All Export Pro < 1.7.9 - Authenticated Code Injection | E | |
CVE-2022-3395 | WP All Export Pro < 1.7.9 - Authenticated SQLi | E | |
CVE-2022-3396 | OMRON CX-Programmer Out-of-bounds Write | S | |
CVE-2022-3397 | OMRON CX-Programmer Out-of-bounds Write | S | |
CVE-2022-3398 | OMRON CX-Programmer Out-of-bounds Write | S | |
CVE-2022-3399 | Cookie Notice & Compliance for GDPR / CCPA <= 2.4.17.1 - Authenticated (Admin+) Stored Cross-Site Scripting | | |
CVE-2022-3400 | The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability che... | | |
CVE-2022-3401 | The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site... | | |
CVE-2022-3402 | The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged H... | S | |
CVE-2022-3403 | Rejected reason: Duplicate, please use CVE-2023-28931 instead.... | R | |
CVE-2022-3404 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2022-3405 | Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis ... | E | |
CVE-2022-3407 | In some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile net... | S | |
CVE-2022-3408 | WP Word Count <= 3.2.3 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3409 | Unauthenticated out of bounds stack write in bmcweb | S | |
CVE-2022-3411 | A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 bef... | | |
CVE-2022-3413 | Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5... | | |
CVE-2022-3414 | SourceCodester Web-Based Student Clearance System POST Parameter login.php sql injection | E | |
CVE-2022-3415 | Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting | E | |
CVE-2022-3416 | WPtouch < 4.3.45 - Admin+ Arbitrary File Upload | E | |
CVE-2022-3417 | WPtouch < 4.3.45 - Admin+ PHP Object Injection | E | |
CVE-2022-3418 | WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE | E | |
CVE-2022-3419 | Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation | E | |
CVE-2022-3420 | Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS | E | |
CVE-2022-3421 | Privilege escalation in Google Drive for Desktop on MacOS | | |
CVE-2022-3422 | Improper Privilege Management in tooljet/tooljet | E S | |
CVE-2022-3423 | Allocation of Resources Without Limits or Throttling in nocodb/nocodb | E S | |
CVE-2022-3424 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_u... | S | |
CVE-2022-3425 | Google Analyticator < 6.5.6 - Admin+ PHP Object Injection | E | |
CVE-2022-3426 | Advanced WP Columns <= 2.0.6 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3427 | The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, an... | E S | |
CVE-2022-3428 | Rejected reason: reserved but not needed... | R | |
CVE-2022-3429 | A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users sen... | S | |
CVE-2022-3430 | A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow... | S | |
CVE-2022-3431 | A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Note... | S | |
CVE-2022-3432 | A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK th... | S | |
CVE-2022-3433 | The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this... | E S | |
CVE-2022-3434 | SourceCodester Web-Based Student Clearance System add-student.php prepare cross site scripting | E | |
CVE-2022-3435 | Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds | S | |
CVE-2022-3436 | SourceCodester Web-Based Student Clearance System Photo edit-photo.php unrestricted upload | | |
CVE-2022-3437 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unw... | | |
CVE-2022-3438 | Open Redirect in ikus060/rdiffweb | E S | |
CVE-2022-3439 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb | S | |
CVE-2022-3440 | Rock Convert < 2.6.0 - Reflected Cross-Site Scripting | E | |
CVE-2022-3441 | Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3442 | Crealogix EBICS ebics.aspx cross site scripting | E M | |
CVE-2022-3443 | Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a re... | E | |
CVE-2022-3444 | Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a re... | | |
CVE-2022-3445 | Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potenti... | | |
CVE-2022-3446 | Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to... | | |
CVE-2022-3447 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allo... | | |
CVE-2022-3448 | Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker... | | |
CVE-2022-3449 | Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who con... | | |
CVE-2022-3450 | Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker... | | |
CVE-2022-3451 | Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls | E | |
CVE-2022-3452 | SourceCodester Book Store Management System category.php cross site scripting | | |
CVE-2022-3453 | SourceCodester Book Store Management System transcation.php cross site scripting | | |
CVE-2022-3456 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb | S | |
CVE-2022-3457 | Origin Validation Error in ikus060/rdiffweb | S | |
CVE-2022-3458 | SourceCodester Human Resource Management System Image File employeeview.php unrestricted upload | | |
CVE-2022-3459 | WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding | | |
CVE-2022-3460 | In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to in... | | |
CVE-2022-3461 | Buffer Overflow in PHOENIX CONTACT Automationworx Software Suite | S | |
CVE-2022-3462 | Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting | E | |
CVE-2022-3463 | FluentForm < 4.3.13 - CSV Injection | E | |
CVE-2022-3464 | puppyCMS settings.php cross site scripting | | |
CVE-2022-3465 | Mediabridge Medialink index.asp improper authentication | E | |
CVE-2022-3466 | Cri-o: security regression of cve-2022-27652 | | |
CVE-2022-3467 | Jiusi OA hntdCustomDesktopActionContent sql injection | | |
CVE-2022-3469 | WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3470 | SourceCodester Human Resource Management System getstatecity.php sql injection | E | |
CVE-2022-3471 | SourceCodester Human Resource Management System city.php sql injection | E | |
CVE-2022-3472 | SourceCodester Human Resource Management System city.php sql injection | E | |
CVE-2022-3473 | SourceCodester Human Resource Management System getstatecity.php sql injection | E | |
CVE-2022-3474 | Bazel leaks user credentials through the remote assets API | | |
CVE-2022-3477 | tagDiv Composer < 3.5 - Unauthenticated Account Takeover | E | |
CVE-2022-3478 | An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all ... | E | |
CVE-2022-3479 | A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user c... | S | |
CVE-2022-3480 | Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family | S | |
CVE-2022-3481 | WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi | E | |
CVE-2022-3482 | An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 1... | E | |
CVE-2022-3483 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5... | | |
CVE-2022-3484 | WPB Show Core - Reflected Cross-Site Scripting | E | |
CVE-2022-3485 | Weak Password Recovery in ifm moneo appliance | | |
CVE-2022-3486 | An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4... | | |
CVE-2022-3487 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-3488 | named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries | S | |
CVE-2022-3489 | WP Hide <= 0.0.2 - Unauthenticated Settings Update | E | |
CVE-2022-3490 | Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection | E | |
CVE-2022-3491 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2022-3492 | SourceCodester Human Resource Management System Profile Photo os command injection | | |
CVE-2022-3493 | SourceCodester Human Resource Management System Add Employee cross site scripting | | |
CVE-2022-3494 | Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi | E | |
CVE-2022-3495 | SourceCodester Simple Online Public Access Catalog Admin Login sql injection | E | |
CVE-2022-3496 | SourceCodester Human Resource Management System Admin Panel employeeadd.php access control | | |
CVE-2022-3497 | SourceCodester Human Resource Management System Master List cross site scripting | | |
CVE-2022-3499 | An authenticated attacker could utilize the identical agent and cluster node linking keys to potenti... | | |
CVE-2022-3500 | A vulnerability was found in keylime. This security issue happens in some circumstances, due to some... | S | |
CVE-2022-3501 | Information exposure of template content due to missing check of permissions | S | |
CVE-2022-3502 | Human Resource Management System Leave cross site scripting | E | |
CVE-2022-3503 | SourceCodester Purchase Order Management System Supplier cross site scripting | E | |
CVE-2022-3504 | SourceCodester Sanitization Management System sql injection | E | |
CVE-2022-3505 | SourceCodester Sanitization Management System cross site scripting | E | |
CVE-2022-3506 | Cross-site Scripting (XSS) - Stored in barrykooij/related-posts-for-wp | E S | |
CVE-2022-3509 | Parsing issue in protobuf textformat | S | |
CVE-2022-3510 | Parsing issue in protobuf message-type extension | S | |
CVE-2022-3511 | Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download | E | |
CVE-2022-3512 | Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command | S | |
CVE-2022-3513 | An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all ... | | |
CVE-2022-3514 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7,... | | |
CVE-2022-3515 | A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. T... | E S | |
CVE-2022-3516 | Cross-site Scripting (XSS) - Stored in librenms/librenms | S | |
CVE-2022-3517 | A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of ... | S | |
CVE-2022-3518 | SourceCodester Sanitization Management System User Creation cross site scripting | | |
CVE-2022-3519 | SourceCodester Sanitization Management System Quote Requests Tab cross site scripting | | |
CVE-2022-3520 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2022-3521 | Linux Kernel kcm kcmsock.c kcm_tx_work race condition | S | |
CVE-2022-3522 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3523 | Linux Kernel Driver memory.c use after free | S | |
CVE-2022-3524 | Linux Kernel IPv6 ipv6_renew_options memory leak | S | |
CVE-2022-3525 | Deserialization of Untrusted Data in librenms/librenms | S | |
CVE-2022-3526 | Linux Kernel skb macvlan.c macvlan_handle_frame memory leak | S | |
CVE-2022-3527 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3528 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3529 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3530 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3531 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3532 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3533 | Linux Kernel BPF usdt.c parse_usdt_arg memory leak | S | |
CVE-2022-3534 | Linux Kernel libbpf btf_dump.c btf_dump_name_dups use after free | S | |
CVE-2022-3535 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3536 | Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization | E | |
CVE-2022-3537 | Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload | E | |
CVE-2022-3538 | Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation | E | |
CVE-2022-3539 | Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3540 | An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of au... | | |
CVE-2022-3541 | Linux Kernel BPF spl2sw_driver.c spl2sw_nvmem_get_mac_address use after free | S | |
CVE-2022-3542 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3543 | Linux Kernel BPF af_unix.c unix_release_sock memory leak | S | |
CVE-2022-3544 | Linux Kernel Netfilter sysfs.c damon_sysfs_add_target memory leak | S | |
CVE-2022-3545 | Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free | S | |
CVE-2022-3546 | SourceCodester Simple Cold Storage Management System Create User cross site scripting | | |
CVE-2022-3547 | SourceCodester Simple Cold Storage Management System Setting cross site scripting | E | |
CVE-2022-3548 | SourceCodester Simple Cold Storage Management System Add New Storage cross site scripting | E | |
CVE-2022-3549 | SourceCodester Simple Cold Storage Management System Avatar unrestricted upload | | |
CVE-2022-3550 | X.org Server xkb.c _GetCountedString buffer overflow | S | |
CVE-2022-3551 | X.org Server xkb.c ProcXkbGetKbdByName memory leak | S | |
CVE-2022-3552 | Unrestricted Upload of File with Dangerous Type in boxbilling/boxbilling | E S | |
CVE-2022-3553 | X.org Server xquartz X11Controller.m denial of service | S | |
CVE-2022-3554 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3555 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3556 | Cab fare calculator <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting | | |
CVE-2022-3558 | Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection | E S | |
CVE-2022-3559 | Exim Regex use after free | S | |
CVE-2022-3560 | A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign d... | | |
CVE-2022-3561 | Cross-site Scripting (XSS) - Generic in librenms/librenms | S | |
CVE-2022-3562 | Cross-site Scripting (XSS) - Stored in librenms/librenms | S | |
CVE-2022-3563 | Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference | S | |
CVE-2022-3564 | Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free | S | |
CVE-2022-3565 | Linux Kernel Bluetooth l1oip_core.c del_timer use after free | S | |
CVE-2022-3566 | Linux Kernel TCP tcp_setsockopt race condition | S | |
CVE-2022-3567 | Linux Kernel IPv6 inet6_dgram_ops race condition | S | |
CVE-2022-3568 | The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via ... | S | |
CVE-2022-3569 | Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a loc... | E S | |
CVE-2022-3570 | Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacke... | E S | |
CVE-2022-3572 | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 pr... | E | |
CVE-2022-3573 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7... | | |
CVE-2022-3574 | WPForms Pro < 1.7.7 - CSV Injection | E | |
CVE-2022-3575 | Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability | S | |
CVE-2022-3576 | A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out... | | |
CVE-2022-3577 | An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller dri... | S | |
CVE-2022-3578 | ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting | E | |
CVE-2022-3579 | SourceCodester Cashier Queuing System Login Page login.php sql injection | E | |
CVE-2022-3580 | SourceCodester Cashier Queuing System User Creation cross site scripting | | |
CVE-2022-3581 | SourceCodester Cashier Queuing System Cashiers Tab cross site scripting | | |
CVE-2022-3582 | SourceCodester Simple Cold Storage Management System cross-site request forgery | E | |
CVE-2022-3583 | SourceCodester Canteen Management System login.php sql injection | E | |
CVE-2022-3584 | SourceCodester Canteen Management System edituser.php sql injection | E | |
CVE-2022-3585 | SourceCodester Simple Cold Storage Management System Contact Us cross-site request forgery | E | |
CVE-2022-3586 | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sc... | S | |
CVE-2022-3587 | SourceCodester Simple Cold Storage Management System My Account cross site scripting | E | |
CVE-2022-3589 | Miele: Vulnerability in cloud service used by appWash | S | |
CVE-2022-3590 | WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding | E | |
CVE-2022-3591 | Use After Free in vim/vim | S | |
CVE-2022-3592 | A symlink following vulnerability was found in Samba, where a user can create a symbolic link that w... | | |
CVE-2022-3593 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3594 | Linux Kernel BPF r8152.c intr_callback logging of excessive data | S | |
CVE-2022-3595 | Linux Kernel CIFS sess.c sess_free_buffer double free | S | |
CVE-2022-3596 | Instack-undercloud: rsync leaks information to undercloud | M | |
CVE-2022-3597 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from e... | E S | |
CVE-2022-3598 | LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:36... | E S | |
CVE-2022-3599 | LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing att... | E S | |
CVE-2022-3600 | Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection | E | |
CVE-2022-3601 | Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS | E | |
CVE-2022-3602 | X.509 Email Address 4-byte Buffer Overflow | | |
CVE-2022-3603 | Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection | E | |
CVE-2022-3604 | Contact Form Entries < 1.3.0 - CSV Injection | E | |
CVE-2022-3605 | WP CSV Exporter < 1.3.7 - CSV Injection | E | |
CVE-2022-3606 | Linux Kernel BPF libbpf.c find_prog_by_sec_insn null pointer dereference | S | |
CVE-2022-3607 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint | E S | |
CVE-2022-3608 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq | E S | |
CVE-2022-3609 | GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS | E | |
CVE-2022-3610 | Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3611 | An information disclosure vulnerability has been identified in the Lenovo App Store which may allow ... | S | |
CVE-2022-3613 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions star... | | |
CVE-2022-3614 | In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Serv... | | |
CVE-2022-3616 | OctoRPKI crash when maximum iterations number is reached | | |
CVE-2022-3618 | Spacer < 3.0.7 - Admin+ Stored XSS | E | |
CVE-2022-3619 | Linux Kernel Bluetooth l2cap_core.c l2cap_recv_acldata memory leak | E S | |
CVE-2022-3620 | Exim DMARC dmarc.c dmarc_dns_lookup use after free | S | |
CVE-2022-3621 | Linux Kernel nilfs2 inode.c nilfs_bmap_lookup_at_level null pointer dereference | S | |
CVE-2022-3622 | The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capabilit... | S | |
CVE-2022-3623 | Linux Kernel BPF gup.c follow_page_pte race condition | S | |
CVE-2022-3624 | Linux Kernel IPsec bond_alb.c rlb_arp_xmit memory leak | S | |
CVE-2022-3625 | Linux Kernel IPsec devlink.c devlink_param_get use after free | S | |
CVE-2022-3626 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from p... | E S | |
CVE-2022-3627 | LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from e... | E S | |
CVE-2022-3628 | A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occu... | E S | |
CVE-2022-3629 | Linux Kernel af_vsock.c vsock_connect memory leak | S | |
CVE-2022-3630 | Linux Kernel IPsec cookie.c memory leak | S | |
CVE-2022-3631 | OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3632 | OAuth Client by DigitialPixies <= 1.1.0 - CSRF | E | |
CVE-2022-3633 | Linux Kernel transport.c j1939_session_destroy memory leak | S | |
CVE-2022-3634 | Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection | E | |
CVE-2022-3635 | Linux Kernel IPsec idt77252.c tst_timer use after free | E S | |
CVE-2022-3636 | Linux Kernel Ethernet mtk_ppe.c __mtk_ppe_check_skb use after free | S | |
CVE-2022-3637 | Linux Kernel BlueZ jlink.c jlink_init denial of service | S | |
CVE-2022-3638 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3639 | A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before... | | |
CVE-2022-3640 | Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free | E S | |
CVE-2022-3641 | Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 ... | | |
CVE-2022-3642 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3643 | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger... | | |
CVE-2022-3644 | The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted ... | E | |
CVE-2022-3646 | Linux Kernel BPF segment.c nilfs_attach_log_writer memory leak | S | |
CVE-2022-3647 | Redis Crash Report debug.c sigsegvHandler denial of service | E S | |
CVE-2022-3649 | Linux Kernel BPF inode.c nilfs_new_inode use after free | S | |
CVE-2022-3650 | A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalat... | E | |
CVE-2022-3652 | Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentiall... | | |
CVE-2022-3653 | Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to ... | | |
CVE-2022-3654 | Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potent... | | |
CVE-2022-3655 | Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker ... | | |
CVE-2022-3656 | Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote... | | |
CVE-2022-3657 | Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinc... | | |
CVE-2022-3658 | Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62... | E | |
CVE-2022-3659 | Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remot... | | |
CVE-2022-3660 | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 ... | E S | |
CVE-2022-3661 | Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote ... | | |
CVE-2022-3662 | Axiomatic Bento4 mp42hls Ap4Sample.h GetOffset use after free | E | |
CVE-2022-3663 | Axiomatic Bento4 MP4fragment Ap4StsdAtom.cpp AP4_StsdAtom null pointer dereference | E | |
CVE-2022-3664 | Axiomatic Bento4 avcinfo Ap4BitStream.cpp WriteBytes heap-based overflow | E | |
CVE-2022-3665 | Axiomatic Bento4 avcinfo AvcInfo.cpp heap-based overflow | E | |
CVE-2022-3666 | Axiomatic Bento4 mp42ts Ap4LinearReader.cpp Advance use after free | E | |
CVE-2022-3667 | Axiomatic Bento4 mp42aac Ap4ByteStream.cpp WritePartial heap-based overflow | E | |
CVE-2022-3668 | Axiomatic Bento4 mp4edit CreateAtomFromStream memory leak | E | |
CVE-2022-3669 | Axiomatic Bento4 mp4edit Create memory leak | E | |
CVE-2022-3670 | Axiomatic Bento4 mp42hevc WriteSample heap-based overflow | E | |
CVE-2022-3671 | SourceCodester eLearning System manage.php sql injection | E | |
CVE-2022-3672 | SourceCodester Sanitization Management System SystemSettings.php cross site scripting | | |
CVE-2022-3673 | SourceCodester Sanitization Management System Master.php cross site scripting | | |
CVE-2022-3674 | SourceCodester Sanitization Management System missing authentication | | |
CVE-2022-3675 | Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature i... | | |
CVE-2022-3676 | In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check... | S | |
CVE-2022-3677 | Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF | E | |
CVE-2022-3678 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2022-3679 | Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection | E | |
CVE-2022-3680 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2022-3681 | A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an att... | S | |
CVE-2022-3682 | SDM600 file permission validation | S | |
CVE-2022-3683 | SDM600 API web services authorization validation | S | |
CVE-2022-3684 | SDM600 endpoint vulnerability | S | |
CVE-2022-3685 | SDM600 software privilege level | M | |
CVE-2022-3686 | SDM600 API permission check | S | |
CVE-2022-3688 | WPQA < 5.9 - Follow/Unfollow via CSRF | E | |
CVE-2022-3689 | HTML Forms < 1.3.25 - Admin+ SQLi | E | |
CVE-2022-3690 | Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting | E | |
CVE-2022-3691 | DeepL Pro API Translation < 1.7.5 - API Key Disclosure | E | |
CVE-2022-3692 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-3693 | Path traversal in FileOrbis File Management System | S | |
CVE-2022-3694 | Syncee - Global Dropshipping < 1.0.10 - Authentication Token Disclosure | E | |
CVE-2022-3695 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation | | |
CVE-2022-3696 | A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewal... | | |
CVE-2022-3697 | A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter fro... | | |
CVE-2022-3698 | A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to ... | S | |
CVE-2022-3699 | A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version... | S | |
CVE-2022-3700 | A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate P... | S | |
CVE-2022-3701 | A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version ... | S | |
CVE-2022-3702 | A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.... | S | |
CVE-2022-3703 | ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity | S | |
CVE-2022-3704 | Ruby on Rails _table.html.erb cross site scripting | E S | |
CVE-2022-3705 | vim autocmd quickfix.c qf_update_buffer use after free | S | |
CVE-2022-3706 | Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior ... | | |
CVE-2022-3707 | A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VG... | S | |
CVE-2022-3708 | The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to,... | S | |
CVE-2022-3709 | A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import g... | | |
CVE-2022-3710 | A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configura... | | |
CVE-2022-3711 | A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration d... | | |
CVE-2022-3713 | A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of S... | | |
CVE-2022-3714 | SourceCodester Online Medicine Ordering System sql injection | | |
CVE-2022-3715 | A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_tran... | E | |
CVE-2022-3716 | SourceCodester Online Medicine Ordering System cross site scripting | | |
CVE-2022-3717 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3718 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3719 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3720 | Event Monster < 1.2.1 - Admin+ SQLi | E | |
CVE-2022-3721 | Code Injection in froxlor/froxlor | S | |
CVE-2022-3723 | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentiall... | KEV | |
CVE-2022-3724 | Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via pac... | | |
CVE-2022-3725 | Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet... | E S | |
CVE-2022-3726 | Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 1... | | |
CVE-2022-3728 | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper d... | S | |
CVE-2022-3729 | seccome Ehoney attack sql injection | | |
CVE-2022-3730 | seccome Ehoney falco sql injection | | |
CVE-2022-3731 | seccome Ehoney token sql injection | | |
CVE-2022-3732 | seccome Ehoney set sql injection | | |
CVE-2022-3733 | SourceCodester Web-Based Student Clearance System edit-admin.php sql injection | E | |
CVE-2022-3734 | Redis on Windows dbghelp.dll uncontrolled search path | | |
CVE-2022-3735 | seccome Ehoney signup access control | | |
CVE-2022-3736 | named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries | S | |
CVE-2022-3737 | Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite | S | |
CVE-2022-3738 | WAGO: Missing authentication for config export functionality in multiple products | | |
CVE-2022-3739 | WP Best Quiz <= 1.0 - Author+ Stored XSS | E | |
CVE-2022-3740 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3... | | |
CVE-2022-3741 | Improper Restriction of Excessive Authentication Attempts in chatwoot/chatwoot | E S | |
CVE-2022-3742 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that ... | S | |
CVE-2022-3743 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that ... | S | |
CVE-2022-3744 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that ... | S | |
CVE-2022-3745 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that ... | S | |
CVE-2022-3746 | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that ... | S | |
CVE-2022-3747 | The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and... | E | |
CVE-2022-3748 | Improper authorization that can lead to account impersonation | | |
CVE-2022-3750 | Ask Me < 6.8.7 - Post Deletion via CSRF | E | |
CVE-2022-3751 | SQL Injection in owncast/owncast | S | |
CVE-2022-3752 | Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack | | |
CVE-2022-3753 | Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting | E | |
CVE-2022-3754 | Weak Password Requirements in thorsten/phpmyfaq | E S | |
CVE-2022-3755 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3756 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3757 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3758 | An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all ... | | |
CVE-2022-3759 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7... | | |
CVE-2022-3760 | SQLi in Mia-Med | | |
CVE-2022-3761 | OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) a... | | |
CVE-2022-3762 | Booster for WooCommerce - ShopManager+ Arbitrary File Download | E | |
CVE-2022-3763 | Booster for WooCommerce - Checkout Files Deletion via CSRF | E | |
CVE-2022-3764 | Form Vibes < 1.4.5 - Admin+ SQLi | E | |
CVE-2022-3765 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq | E S | |
CVE-2022-3766 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq | E S | |
CVE-2022-3767 | Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custo... | E S | |
CVE-2022-3768 | WPSmartContracts < 1.3.12 - Author+ SQLi | E | |
CVE-2022-3769 | OWM Weather < 5.6.9 - Contributor+ SQLi | E | |
CVE-2022-3770 | Yunjing CMS upload_img.html unrestricted upload | E | |
CVE-2022-3771 | easyii CMS File Upload Management Upload.php file unrestricted upload | | |
CVE-2022-3772 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-36534. Reason: This candidat... | R | |
CVE-2022-3773 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3774 | SourceCodester Train Scheduler App resource injection | E | |
CVE-2022-3775 | When rendering certain unicode sequences, grub2's font code doesn't properly validate if the informed ... | | |
CVE-2022-3776 | The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to... | | |
CVE-2022-3778 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-3780 | Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Mana... | | |
CVE-2022-3781 | Dashlane password and Keepass Server password in My Account Settings are not encrypted in the datab... | | |
CVE-2022-3782 | keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not pr... | | |
CVE-2022-3783 | node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting | E S | |
CVE-2022-3784 | Axiomatic Bento4 mp4hls Ap4Mp4AudioInfo.cpp ReadBits heap-based overflow | E | |
CVE-2022-3785 | Axiomatic Bento4 Avcinfo SetDataSize heap-based overflow | E | |
CVE-2022-3786 | X.509 Email Address Variable Length Buffer Overflow | S | |
CVE-2022-3787 | A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local u... | | |
CVE-2022-3788 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3789 | Tim Campus Confession Wall share.php sql injection | E | |
CVE-2022-3790 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3791 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3792 | SQL Injection in GullsEye Terminal Operating System | E | |
CVE-2022-3793 | An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15... | | |
CVE-2022-3794 | The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX act... | E | |
CVE-2022-3796 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3797 | eolinker apinto-dashboard login redirect | E | |
CVE-2022-3798 | IBAX go-ibax tablesInfo sql injection | | |
CVE-2022-3799 | IBAX go-ibax tablesInfo sql injection | | |
CVE-2022-3800 | IBAX go-ibax rowsInfo sql injection | | |
CVE-2022-3801 | IBAX go-ibax rowsInfo sql injection | | |
CVE-2022-3802 | IBAX go-ibax rowsInfo sql injection | | |
CVE-2022-3803 | eolinker apinto-dashboard cross site scripting | E | |
CVE-2022-3804 | eolinker apinto-dashboard login cross site scripting | E | |
CVE-2022-3805 | The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various function... | E | |
CVE-2022-3806 | Bluetooth HCI Error Handling Double Free | E | |
CVE-2022-3807 | Axiomatic Bento4 Incomplete Fix CVE-2019-13238 resource consumption | E | |
CVE-2022-3808 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3809 | Axiomatic Bento4 mp4tag Mp4Tag.cpp ParseCommandLine denial of service | E | |
CVE-2022-3810 | Axiomatic Bento4 mp42hevc Mp42Hevc.cpp AP4_File denial of service | E S | |
CVE-2022-3811 | EU Cookie Law <= 3.1.6 - Admin+ Stored XSS | E | |
CVE-2022-3812 | Axiomatic Bento4 mp4encrypt AP4_ContainerAtom memory leak | E | |
CVE-2022-3813 | Axiomatic Bento4 mp4edit memory leak | | |
CVE-2022-3814 | Axiomatic Bento4 mp4decrypt memory leak | E | |
CVE-2022-3815 | Axiomatic Bento4 mp4decrypt memory leak | E | |
CVE-2022-3816 | Axiomatic Bento4 mp4decrypt memory leak | E | |
CVE-2022-3817 | Axiomatic Bento4 mp4mux memory leak | E | |
CVE-2022-3818 | An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions ... | | |
CVE-2022-3819 | An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15... | | |
CVE-2022-3820 | An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, an... | E | |
CVE-2022-3821 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An... | E S | |
CVE-2022-3822 | Donations via PayPal < 1.9.9 - Admin+ Stored XSS | E | |
CVE-2022-3823 | Beautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS | E | |
CVE-2022-3824 | WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS | E | |
CVE-2022-3825 | Huaxia ERP User Management sql injection | E | |
CVE-2022-3826 | Huaxia ERP Retail Management list information disclosure | E | |
CVE-2022-3827 | centreon Contact Groups Form formContactGroup.php sql injection | S | |
CVE-2022-3828 | Video Thumbnails <= 2.12.3 - Admin+ Stored XSS | E | |
CVE-2022-3829 | Font Awesome 4 Menus <= 4.7.0 - Admin+ Stored XSS | E | |
CVE-2022-3830 | WP Page Builder <= 1.2.8 - Admin+ Stored Cross-Site | E | |
CVE-2022-3831 | reCAPTCHA <= 1.6 - Admin+ Stored XSS | E | |
CVE-2022-3832 | External Media < 1.0.36 - Admin+ Stored XSS | E | |
CVE-2022-3833 | Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS | E | |
CVE-2022-3834 | Google Forms <= 0.95 - Admin+ Stored XSS | E | |
CVE-2022-3835 | Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS | E | |
CVE-2022-3836 | Seed Social < 2.0.4 - Admin+ Stored XSS | E | |
CVE-2022-3837 | Uji Countdown < 2.3.1 - Admin+ Stored XSS | E | |
CVE-2022-3838 | WPUpper Share Buttons <= 3.42 - Admin+ Stored XSS | E | |
CVE-2022-3839 | Analytics for WP <= 1.5.1 - Admin+ Stored XSS | E | |
CVE-2022-3840 | Google Apps Login < 3.4.5 - Admin+ Stored XSS | E | |
CVE-2022-3841 | RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerabil... | | |
CVE-2022-3842 | Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who h... | E | |
CVE-2022-3843 | WAGO: Exposure of configuration interface in unmanaged switches | | |
CVE-2022-3844 | Webmin index.cgi cross site scripting | S | |
CVE-2022-3845 | phpipam Import Preview import-load-data.php cross site scripting | S | |
CVE-2022-3846 | Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR | E | |
CVE-2022-3847 | Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF | E | |
CVE-2022-3848 | WP User Merger < 1.5.3 - Admin+ SQLi via wpsu_user_id | E | |
CVE-2022-3849 | WP User Merger < 1.5.3 - Admin+ SQLi via user_id | E | |
CVE-2022-3850 | Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF | E | |
CVE-2022-3852 | The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, ... | S | |
CVE-2022-3853 | Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via CSRF | E | |
CVE-2022-3854 | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit th... | | |
CVE-2022-3855 | 404 to Start <= 1.6.1 - Admin+ Stored XSS | E | |
CVE-2022-3856 | Comic Book Management System < 2.2.0 - Admin+ SQLi | E | |
CVE-2022-3857 | Rejected reason: Maintainer contacted. This is a false-positive. The flaw does not actually exist an... | R | |
CVE-2022-3858 | Chaty < 3.0.3 - Admin+ SQLi | E | |
CVE-2022-3859 | An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior... | S | |
CVE-2022-3860 | Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi | E | |
CVE-2022-3861 | The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and includi... | E | |
CVE-2022-3862 | Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS | E | |
CVE-2022-3863 | Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker ... | | |
CVE-2022-3864 | A vulnerability exists in the Relion update package signature validation. A tampered update package... | | |
CVE-2022-3865 | WP User Merger < 1.5.3 - Admin+ SQLi via ID | E | |
CVE-2022-3866 | Nomad Workload Identity Token Can List Non-sensitive Metadata for Paths Under nomad/ | | |
CVE-2022-3867 | Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected | | |
CVE-2022-3868 | SourceCodester Sanitization Management System sql injection | | |
CVE-2022-3869 | Code Injection in froxlor/froxlor | E S | |
CVE-2022-3870 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7... | | |
CVE-2022-3872 | An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing... | S | |
CVE-2022-3873 | Cross-site Scripting (XSS) - DOM in jgraph/drawio | E S | |
CVE-2022-3874 | OS command injection via ct_command and fcct_command | | |
CVE-2022-3875 | Click Studios Passwordstate API authentication bypass by assumed-immutable data | E | |
CVE-2022-3876 | Click Studios Passwordstate API authorization | E | |
CVE-2022-3877 | Click Studios Passwordstate URL Field cross site scripting | E | |
CVE-2022-3878 | Maxon ERP browse_data sql injection | E | |
CVE-2022-3879 | Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation | E | |
CVE-2022-3880 | AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation | E | |
CVE-2022-3881 | WPTools < 3.43 - Subscriber+ Arbitrary Plugin Installation | E | |
CVE-2022-3882 | WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation | E | |
CVE-2022-3883 | StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation | E | |
CVE-2022-3884 | Directory Permission Vulnerability in Hitachi Ops Center Analyzer | | |
CVE-2022-3885 | Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potential... | | |
CVE-2022-3886 | Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attac... | | |
CVE-2022-3887 | Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to ... | | |
CVE-2022-3888 | Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to po... | | |
CVE-2022-3889 | Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potential... | | |
CVE-2022-3890 | Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remot... | | |
CVE-2022-3891 | WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access | E | |
CVE-2022-3892 | WP OAuth Server < 4.2.2 - Admin+ Stored XSS | E | |
CVE-2022-3893 | Potential XSS on custom menu navigation | S | |
CVE-2022-3894 | WP OAuth Server < 4.2.5 - Arbitrary Post Deletion via CSRF | E | |
CVE-2022-3895 | Potential XSS in common user interface component library | S | |
CVE-2022-3896 | The WP Affiliate Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $... | | |
CVE-2022-3897 | The WP Affiliate Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via seve... | | |
CVE-2022-3898 | The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versio... | | |
CVE-2022-3899 | 3DPrint < 3.5.6.9 - Arbitrary File and Directory Deletion via CSRF | E | |
CVE-2022-3900 | Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection | E | |
CVE-2022-3901 | Visioweb.js - Prototype Pollution can result in XSS | S | |
CVE-2022-3902 | An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all v... | E | |
CVE-2022-3903 | An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel.... | | |
CVE-2022-3904 | MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics | E | |
CVE-2022-3905 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-3906 | Easy Form Builder < 3.4.0 - Admin+ Stored XSS | E | |
CVE-2022-3907 | Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure | E | |
CVE-2022-3908 | Helloprint < 1.4.7 - Reflected Cross-Site Scripting | E | |
CVE-2022-3909 | Add Comments <= 1.0.1 - Admin+ Stored XSS | E | |
CVE-2022-3910 | Use after free in IO_uring in the Linux Kernel | S | |
CVE-2022-3911 | iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin | E | |
CVE-2022-3912 | User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload | E | |
CVE-2022-3913 | Rapid7 Nexpose Certificate Validation Issue | | |
CVE-2022-3915 | Dokan < 3.7.6 - Unauthenticated SQLi | E | |
CVE-2022-3916 | Keycloak: session takeover with oidc offline refreshtokens | | |
CVE-2022-3917 | Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prio... | S | |
CVE-2022-3918 | A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ... | M | |
CVE-2022-3919 | Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting | E | |
CVE-2022-3920 | Consul Peering Imported Nodes/Services Leak | | |
CVE-2022-3921 | Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload | E | |
CVE-2022-3922 | Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting | E | |
CVE-2022-3923 | ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup | E | |
CVE-2022-3924 | named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota | S | |
CVE-2022-3925 | Buddybadges <= 1.0.0 - Admin+ SQLi | E | |
CVE-2022-3926 | WP OAuth Server < 3.4.2 - Client Secret Regeneration via CSRF | E | |
CVE-2022-3927 | The affected products store public and private key that are used to sign and protect custom parameter set files from modification. | M | |
CVE-2022-3928 | Hardcoded credential is found in the message queue | M | |
CVE-2022-3929 | Communication between the client and server partially using CORBA over TCP/IP | M | |
CVE-2022-3930 | Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR | E | |
CVE-2022-3931 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3933 | Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting | E | |
CVE-2022-3934 | Flat PM < 3.0.13 - Reflected Cross-Site Scripting | E | |
CVE-2022-3935 | Welcart e-Commerce < 2.8.4 - Multiple Subscriber+ Stored Cross-Site Scripting | E | |
CVE-2022-3936 | Team Members < 5.2.1 - Editor+ Stored XSS | E | |
CVE-2022-3937 | Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS | E | |
CVE-2022-3938 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3939 | lanyulei ferry API file.go path traversal | | |
CVE-2022-3940 | lanyulei ferry task.go path traversal | | |
CVE-2022-3941 | Activity Log Plugin HTTP Header neutralization for logs | E | |
CVE-2022-3942 | SourceCodester Sanitization Management System cross site scripting | | |
CVE-2022-3943 | ForU CMS cms_chip.php cross site scripting | | |
CVE-2022-3944 | jerryhanjj ERP Commodity Management inventory.php uploadImages unrestricted upload | E | |
CVE-2022-3945 | Improper Restriction of Excessive Authentication Attempts in kareadita/kavita | E S | |
CVE-2022-3946 | Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion | E | |
CVE-2022-3947 | eolinker goku_lite list sql injection | E | |
CVE-2022-3948 | eolinker goku_lite getList sql injection | E | |
CVE-2022-3949 | Sourcecodester Simple Cashiering System User Account cross site scripting | | |
CVE-2022-3950 | sanluan PublicCMS Tab dwz.min.js initLink cross site scripting | S | |
CVE-2022-3952 | ManyDesigns Portofino WarFileLauncher.java createTempDir temp file | E S | |
CVE-2022-3953 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-3955 | tholum crm42 Login class.user.php sql injection | E | |
CVE-2022-3956 | tsruban HHIMS Patient Portrait sql injection | E | |
CVE-2022-3957 | GPAC SVG Parser svg_attributes.c svg_parse_preserveaspectratio memory leak | S | |
CVE-2022-3958 | Potential XSS on personal menu navigation | S | |
CVE-2022-3959 | drogon Session Hash small space of random values | S | |
CVE-2022-3960 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | | |
CVE-2022-3961 | Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure | E | |
CVE-2022-3962 | Kiali: error message spoofing in kiali ui | | |
CVE-2022-3963 | gnuboard5 FAQ Key ID faq.php cross site scripting | S | |
CVE-2022-3964 | ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds | S | |
CVE-2022-3965 | ffmpeg QuickTime Graphics Video Encoder smcenc.c smc_encode_stream out-of-bounds | S | |
CVE-2022-3966 | Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal | S | |
CVE-2022-3967 | Vesta Control Panel sed main.sh argument injection | S | |
CVE-2022-3968 | emlog article_save.php cross site scripting | S | |
CVE-2022-3969 | OpenKM FileUtils.java getFileExtension temp file | E S | |
CVE-2022-3970 | LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow | E S | |
CVE-2022-3971 | matrix-appservice-irc PgDataStore.ts sql injection | S | |
CVE-2022-3972 | Pingkon HMS-PHP adminlogin.php sql injection | E | |
CVE-2022-3973 | Pingkon HMS-PHP Data Pump Metadata admin.php sql injection | E | |
CVE-2022-3974 | Axiomatic Bento4 mp4info Ap4StdCFileByteStream.cpp ReadPartial heap-based overflow | E | |
CVE-2022-3975 | NukeViet CMS Data URL Request.php filterAttr cross site scripting | S | |
CVE-2022-3976 | MZ Automation libiec61850 MMS File Services mms_client_files.c path traversal | S | |
CVE-2022-3977 | A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) f... | S | |
CVE-2022-3978 | NodeBB abort cross-site request forgery | E S | |
CVE-2022-3979 | NagVis CoreLogonMultisite.php checkAuthCookie type conversion | E S | |
CVE-2022-3980 | An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential c... | S | |
CVE-2022-3981 | Icegram Express < 5.5.1 - Subscriber+ SQLi | E | |
CVE-2022-3982 | Booking Calendar < 3.2.2 - Unauthenticated Arbitrary File Upload | E | |
CVE-2022-3983 | Checkout for PayPal < 1.0.14 - Contributor+ Stored XSS | E | |
CVE-2022-3984 | Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS | E | |
CVE-2022-3985 | Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS | E | |
CVE-2022-3986 | WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS | E | |
CVE-2022-3987 | Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS | E | |
CVE-2022-3988 | Frappe Search navbar_search.html cross site scripting | S | |
CVE-2022-3989 | Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload | E | |
CVE-2022-3990 | HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July ... | | |
CVE-2022-3991 | The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its set... | E | |
CVE-2022-3992 | SourceCodester Sanitization Management System Banner Image cross site scripting | | |
CVE-2022-3993 | Improper Restriction of Excessive Authentication Attempts in kareadita/kavita | E S | |
CVE-2022-3994 | Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure | E | |
CVE-2022-3995 | The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up... | S | |
CVE-2022-3996 | X.509 Policy Constraints Double Locking | S | |
CVE-2022-3997 | MonikaBrzica scm upis_u_bazu.php sql injection | E | |
CVE-2022-3998 | MonikaBrzica scm uredi_korisnika.php sql injection | E | |
CVE-2022-3999 | WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion | E |