ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-36000 | Null dereference on MLIR on empty function attributes in TensorFlow | S | |
CVE-2022-36001 | `CHECK` fail in `DrawBoundingBoxes` in TensorFlow | S | |
CVE-2022-36002 | `CHECK` fail in `Unbatch` in TensorFlow | S | |
CVE-2022-36003 | `CHECK` fail in `RandomPoissonV2` in TensorFlow | S | |
CVE-2022-36004 | `CHECK` fail in `tf.random.gamma` in TensorFlow | S | |
CVE-2022-36005 | `CHECK` fail in `FakeQuantWithMinMaxVarsGradient` in TensorFlow | S | |
CVE-2022-36006 | Authenticated remote code execution due to insecure deserialization (GHSL-2022-063) | | |
CVE-2022-36007 | Partial Path Traversal in com.github.jlangch:venice | E S | |
CVE-2022-36008 | Message length overflow in frontier | S | |
CVE-2022-36009 | Incorrect parsing of access level in gomatrixserverlib and dendrite | S | |
CVE-2022-36010 | Arbitrary code execution via function parsing in react-editable-json-tree | E | |
CVE-2022-36011 | Null dereference on MLIR on empty function attributes in TensorFlow | S | |
CVE-2022-36012 | Assertion fail on MLIR empty edge names in TensorFlow | S | |
CVE-2022-36013 | Null-dereference in `mlir::tfg::GraphDefImporter::ConvertNodeDef` in TensorFlow | S | |
CVE-2022-36014 | Null-dereference in `mlir::tfg::TFOp::nameAttr` in TensorFlow | S | |
CVE-2022-36015 | Integer overflow in math ops in TensorFlow | S | |
CVE-2022-36016 | `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs` in TensorFlow | S | |
CVE-2022-36017 | Segfault in `Requantize` in TensorFlow | S | |
CVE-2022-36018 | `CHECK` fail in `RaggedTensorToVariant` in TensorFlow | S | |
CVE-2022-36019 | `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel` in TensorFlow | S | |
CVE-2022-36020 | Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer | S | |
CVE-2022-36021 | Redis string pattern matching can be abused to achieve Denial of Service | S | |
CVE-2022-36022 | Some Deeplearning4J packages use unclaimed s3 bucket in tests and examples | | |
CVE-2022-36023 | Remote denial of service in Hyperledger Fabric Gateway | S | |
CVE-2022-36024 | Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution | S | |
CVE-2022-36025 | Incorrect Conversion between Numeric Types in Besu Ethereum Client | | |
CVE-2022-36026 | `CHECK` fail in `QuantizeAndDequantizeV3` in TensorFlow | S | |
CVE-2022-36027 | Segfault TFLite converter on per-channel quantized transposed convolutions in TensorFlow | E S | |
CVE-2022-36028 | BigBlueButton Greenlight Open Redirect vulnerability | S | |
CVE-2022-36029 | BigBlueButton Greenlight Open Redirect vulnerability | S | |
CVE-2022-36030 | SQL Injection in Project-nexus | | |
CVE-2022-36031 | Unhandled exception on illegal filename_disk value | E M | |
CVE-2022-36032 | ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent | S | |
CVE-2022-36033 | jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled | E | |
CVE-2022-36034 | Possible Regular Expression Denial of Service (ReDoS) used on uncontrolled data in nitrado.js | | |
CVE-2022-36035 | Flux CLI Workload Injection | M | |
CVE-2022-36036 | Improper Control of Generation of Code ('Code Injection') in mdx-mermaid | E S | |
CVE-2022-36037 | Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby | S | |
CVE-2022-36038 | CircuitVerse potential RCE vulnerability via Oj.load | S | |
CVE-2022-36039 | Out-of-bounds write when parsing DEX files in Rizin | S | |
CVE-2022-36040 | Rizin Out-of-bounds Write vulnerability in pyc/marshal.c | S | |
CVE-2022-36041 | Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin | S | |
CVE-2022-36042 | Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin | S | |
CVE-2022-36043 | Rizin Double Free in bobj.c when using qnx binary plugin | S | |
CVE-2022-36044 | Rizin Out-of-bounds Write vulnerability in Lua binary plugin | S | |
CVE-2022-36045 | Account takeover via cryptographically weak PRNG in NodeBB Forum | S | |
CVE-2022-36046 | Unexpected server crash in Next.js version 12.2.3 | | |
CVE-2022-36048 | IP address leak via image proxy bypass in Zulip Server | | |
CVE-2022-36049 | Flux2 Helm Controller denial of service | | |
CVE-2022-36051 | Broken Authorization in ZITADEL Actions | S | |
CVE-2022-36052 | Out-of-bounds read when decompressing UDP header | S | |
CVE-2022-36053 | Out-of-bounds read in the uIP buffer module | | |
CVE-2022-36054 | Out-of-bounds write when decompressing 6LoWPAN payload in Contiki-NG | S | |
CVE-2022-36055 | Denial of service in Helm | | |
CVE-2022-36056 | Vulnerabilities with blob verification in sigstore cosign | E S | |
CVE-2022-36057 | Discourse-Chat Cross-Site Scripting issue for channel names and descriptions | S | |
CVE-2022-36058 | elrond-go MultiESDTNFTTransfer call on a SC address with missing function name | E S | |
CVE-2022-36059 | Prototype pollution in matrix-js-sdk | | |
CVE-2022-36060 | Prototype pollution in matrix-react-sdk | | |
CVE-2022-36061 | Elrond go can execute on same context checks in VM | E | |
CVE-2022-36062 | Grafana folders admin only permission privilege escalation | S | |
CVE-2022-36063 | USBX Host CDC ECM integer underflow with buffer overflow | E S | |
CVE-2022-36064 | Shescape Inefficient Regular Expression Complexity vulnerability | E S | |
CVE-2022-36065 | GrowthBook account creation and file upload vulnerability in self-hosted configurations | S | |
CVE-2022-36066 | Discourse vulnerable to RCE via admins uploading maliciously zipped file | S | |
CVE-2022-36067 | vm2 vulnerable to Sandbox Escape before v3.9.11 | E S | |
CVE-2022-36068 | Discourse moderators can edit themes via the API | S | |
CVE-2022-36069 | Poetry Argument Injection vulnerability can lead to local Code Execution | E | |
CVE-2022-36070 | Poetry's Untrusted Search Path can lead to Local Code Execution on Windows | | |
CVE-2022-36071 | Recovery codes abuse in SFTPGo | E S | |
CVE-2022-36072 | SilverwareGames.io used == for hashing instead of === | | |
CVE-2022-36073 | RubyGems allows creation of users with arbitrary unverified emails | S | |
CVE-2022-36074 | Authentication headers exposed on by Nextcloud Server | S | |
CVE-2022-36075 | File list exposure in Nextcloud Files Access Control | S | |
CVE-2022-36076 | Account takeover via SSO plugins in NodeBB | E S | |
CVE-2022-36077 | Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect | M | |
CVE-2022-36078 | Slice Memory Allocation with Excessive Size Value in binary | E S | |
CVE-2022-36079 | Parse Server vulnerable to brute force guessing of user sensitive data via search patterns | S | |
CVE-2022-36080 | Wikmd Cross-site Scripting vulnerability | S | |
CVE-2022-36081 | Wikmd vulnerable to Local File Enumeration when accessing /list | S | |
CVE-2022-36082 | mangadex-downloader vulnerable to unauthorized file reading | S | |
CVE-2022-36083 | JOSE vulnerable to resource exhaustion via specifically crafted JWE | E S | |
CVE-2022-36084 | cruddl vulnerable to AQL injection through flexSearch | S | |
CVE-2022-36085 | OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions | E S | |
CVE-2022-36086 | linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend` | E S | |
CVE-2022-36087 | OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI | E S | |
CVE-2022-36088 | GoCD Windows installations outside default location inadequately restrict installation file permissions | S | |
CVE-2022-36089 | VelaUX APIServer vulnerable to Authentication Bypass by Capture-replay | S | |
CVE-2022-36090 | org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users | E S | |
CVE-2022-36091 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor | | |
CVE-2022-36092 | XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action | S | |
CVE-2022-36093 | XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard | S | |
CVE-2022-36094 | XWiki Platform Web Parent POM vulnerable to XSS in the attachment history | E S | |
CVE-2022-36095 | XWiki Cross-Site Request Forgery (CSRF) for actions on tags | S | |
CVE-2022-36096 | XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list | S | |
CVE-2022-36097 | XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form | E S | |
CVE-2022-36098 | XWiki Platform Mentions UI vulnerable to Cross-site Scripting | E S | |
CVE-2022-36099 | XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability | E S | |
CVE-2022-36100 | XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection | E S | |
CVE-2022-36101 | Sensitive data in backend customer module | S | |
CVE-2022-36102 | Access control list bypassed via crafted specific URLs | S | |
CVE-2022-36103 | Talos worker join token can be used to get elevated access level to the Talos API | S | |
CVE-2022-36104 | Denial of Service via Page Error Handling in TYPO3/cms | S | |
CVE-2022-36105 | User Enumeration via Response Timing in TYPO3 | S | |
CVE-2022-36106 | Missing check for expiration time of password reset token in TYPO3 | S | |
CVE-2022-36107 | Stored Cross-Site Scripting via FileDumpController | S | |
CVE-2022-36108 | Cross-Site Scripting in typo3/cms-core | S | |
CVE-2022-36109 | Moby vulnerability relating to supplementary group permissions | S | |
CVE-2022-36110 | Netmaker vulnerable to Insufficient Granularity of Access Control | | |
CVE-2022-36111 | immudb has insufficient verification of data authenticity | E | |
CVE-2022-36112 | Blind Server-Side Request Forgery (SSRF) in GLPI | S | |
CVE-2022-36113 | Extracting malicious crates can corrupt arbitrary files | S | |
CVE-2022-36114 | Extracting malicious crates can fill the file system | S | |
CVE-2022-36115 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment th... | | |
CVE-2022-36116 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment th... | | |
CVE-2022-36117 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment th... | | |
CVE-2022-36118 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment th... | | |
CVE-2022-36119 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment th... | | |
CVE-2022-36120 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment th... | | |
CVE-2022-36121 | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment th... | S | |
CVE-2022-36122 | The Automox Agent before 40 on Windows incorrectly sets permissions on key files.... | | |
CVE-2022-36123 | The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss)... | E S | |
CVE-2022-36124 | Memory overconsumption in Avro Rust SDK | | |
CVE-2022-36125 | Integer overflow when reading corrupted .avro file in Avro Rust SDK | | |
CVE-2022-36126 | An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The Sc... | E | |
CVE-2022-36127 | Service unavailability impact in NodeJS agent(version <= 0.5.0) | | |
CVE-2022-36129 | HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage... | | |
CVE-2022-36130 | HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resourc... | | |
CVE-2022-36131 | The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted descri... | E | |
CVE-2022-36133 | The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 al... | | |
CVE-2022-36136 | ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input... | E | |
CVE-2022-36137 | ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input... | E | |
CVE-2022-36139 | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Writer::writeByte(u... | E | |
CVE-2022-36140 | SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2:... | E | |
CVE-2022-36141 | SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write... | E | |
CVE-2022-36142 | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Reader::getU30().... | E | |
CVE-2022-36143 | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via __interceptor_strlen.par... | E | |
CVE-2022-36144 | SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64_encode.... | E | |
CVE-2022-36145 | SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord()... | E | |
CVE-2022-36146 | SWFMill commit 53d7690 was discovered to contain a memory allocation issue via operator new[](unsign... | E | |
CVE-2022-36148 | fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /sr... | E S | |
CVE-2022-36149 | tifig v0.2.2 was discovered to contain a heap-use-after-free via temInfoEntry().... | E | |
CVE-2022-36150 | tifig v0.2.2 was discovered to contain a heap-buffer overflow via __asan_memmove at /asan/asan_inter... | E | |
CVE-2022-36151 | tifig v0.2.2 was discovered to contain a segmentation violation via getType() at /common/bbox.cpp.... | E | |
CVE-2022-36152 | tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan... | E | |
CVE-2022-36153 | tifig v0.2.2 was discovered to contain a segmentation violation via std::vector | E | |
CVE-2022-36155 | tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) a... | E | |
CVE-2022-36157 | XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the abil... | | |
CVE-2022-36158 | Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manag... | E S | |
CVE-2022-36159 | Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root... | E S | |
CVE-2022-36161 | Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username paramete... | E | |
CVE-2022-36168 | A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/... | E | |
CVE-2022-36170 | MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of pr... | E | |
CVE-2022-36171 | MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion.... | E | |
CVE-2022-36173 | FreshService macOS Agent < 4.4.0 and FreshService Linux Agent < 3.4.0 are vulnerable to TLS Man-in-Th... | E | |
CVE-2022-36174 | FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agen... | E | |
CVE-2022-36179 | Fusiondirectory 1.3 suffers from Improper Session Handling.... | E | |
CVE-2022-36180 | Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?messa... | E | |
CVE-2022-36182 | Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login cr... | | |
CVE-2022-36186 | A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function g... | E S | |
CVE-2022-36190 | GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_co... | E S | |
CVE-2022-36191 | A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, ... | E S | |
CVE-2022-36193 | SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, caus... | E | |
CVE-2022-36194 | Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Conf... | E | |
CVE-2022-36197 | BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows att... | E | |
CVE-2022-36198 | Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.... | E | |
CVE-2022-36200 | In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logg... | E | |
CVE-2022-36201 | Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.... | E | |
CVE-2022-36202 | Doctor's Appointment System 1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.p... | | |
CVE-2022-36203 | Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In ... | E | |
CVE-2022-36215 | DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php.... | E M | |
CVE-2022-36216 | DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_... | E | |
CVE-2022-36220 | Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attack... | | |
CVE-2022-36221 | Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which all... | E | |
CVE-2022-36222 | Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin ac... | E | |
CVE-2022-36223 | In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to ... | | |
CVE-2022-36224 | XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).... | E | |
CVE-2022-36225 | EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, colum... | E | |
CVE-2022-36226 | SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService... | E M | |
CVE-2022-36227 | In libarchive before 3.6.2, the software does not check for an error after calling calloc function t... | S | |
CVE-2022-36228 | Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request,... | | |
CVE-2022-36231 | pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Op... | E S | |
CVE-2022-36233 | Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.... | E | |
CVE-2022-36234 | SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a... | E | |
CVE-2022-36242 | Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?... | | |
CVE-2022-36243 | Directory Traversal on Shop Beat Services | | |
CVE-2022-36244 | Multiple Stored Cross-Site Scripting Vulnerabilities on Shop Beat Services | | |
CVE-2022-36246 | Shop Beat Services Vulnerable To Insecure Permissions | | |
CVE-2022-36247 | Shop Beat Services Vulnerable To IDOR | | |
CVE-2022-36249 | Shop Beat Services Vulnerable To Bypass 2FA via APIs | | |
CVE-2022-36250 | Cross Site Request Forgery on Shop Beat Services | | |
CVE-2022-36251 | Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php... | E | |
CVE-2022-36254 | Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Manag... | E | |
CVE-2022-36255 | A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows a... | E | |
CVE-2022-36256 | A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attack... | E | |
CVE-2022-36257 | A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attac... | E | |
CVE-2022-36258 | A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows a... | E | |
CVE-2022-36259 | A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 al... | E | |
CVE-2022-36261 | An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to del... | E | |
CVE-2022-36262 | An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to b... | E | |
CVE-2022-36263 | StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An att... | E | |
CVE-2022-36264 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary... | E M | |
CVE-2022-36265 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. A... | E M | |
CVE-2022-36266 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the ... | E M | |
CVE-2022-36267 | In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command in... | E M | |
CVE-2022-36270 | Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php.... | E | |
CVE-2022-36271 | Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll Hijacking. iertutil.dll is mis... | E | |
CVE-2022-36272 | Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI... | E | |
CVE-2022-36273 | Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.... | E | |
CVE-2022-36276 | SQL injection vulnerability in TCMAN GIM | S | |
CVE-2022-36277 | SQL injection vulnerability in TCMAN GIM | S | |
CVE-2022-36278 | Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before ve... | | |
CVE-2022-36279 | A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta... | E | |
CVE-2022-36280 | There is an out-of-bounds write vulnerability in vmwgfx driver | | |
CVE-2022-36281 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36282 | WordPress Search Exclude plugin <= 1.2.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-36283 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36284 | WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change | S | |
CVE-2022-36285 | WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability | | |
CVE-2022-36286 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36287 | Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow ... | | |
CVE-2022-36288 | WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2022-36289 | Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an a... | S | |
CVE-2022-36290 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36291 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36292 | WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities | | |
CVE-2022-36293 | Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attac... | | |
CVE-2022-36294 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36296 | WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability | S | |
CVE-2022-36297 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36298 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36301 | BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote ... | | |
CVE-2022-36302 | File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attack... | | |
CVE-2022-36303 | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_f... | E | |
CVE-2022-36304 | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate... | E | |
CVE-2022-36305 | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body fun... | E | |
CVE-2022-36306 | An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web man... | E | |
CVE-2022-36307 | The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. T... | | |
CVE-2022-36308 | Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versio... | | |
CVE-2022-36309 | Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vuln... | E | |
CVE-2022-36310 | Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on ... | E | |
CVE-2022-36311 | Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading ... | | |
CVE-2022-36312 | Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web m... | | |
CVE-2022-36313 | An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A... | | |
CVE-2022-36314 | When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path th... | | |
CVE-2022-36315 | When loading a script with Subresource Integrity, attackers with an injection capability could trigg... | | |
CVE-2022-36316 | When using the Performance API, an attacker was able to notice subtle differences between Performanc... | | |
CVE-2022-36317 | When visiting a website with an overly long URL, the user interface would start to hang. Due to sess... | | |
CVE-2022-36318 | When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected... | | |
CVE-2022-36319 | When combining CSS properties for overflow and transform, the mouse cursor could interact with diffe... | | |
CVE-2022-36320 | Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. ... | | |
CVE-2022-36321 | In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some... | | |
CVE-2022-36322 | In JetBrains TeamCity before 2022.04.2 build parameter injection was possible... | | |
CVE-2022-36323 | Affected devices do not properly sanitize an input field. This could allow an authenticated remote ... | S | |
CVE-2022-36324 | Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an... | M | |
CVE-2022-36325 | Affected devices do not properly sanitize data introduced by a user when rendering the web interfac... | M | |
CVE-2022-36326 | Resource Exhaustion Vulnerability in Western Digital devices | S | |
CVE-2022-36327 | Path traversal vulnerability leading to an arbitrary file write in Western Digital devices | S | |
CVE-2022-36328 | Path Traversal Vulnerability leading to an arbitrary file read in Western Digital devices | S | |
CVE-2022-36329 | Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices | S | |
CVE-2022-36330 | Buffer Overflow Vulnerability in Western Digital My Cloud Home and ibi devices | S | |
CVE-2022-36331 | Impersonation attack causing an Authentication Bypass on Western Digital devices | S | |
CVE-2022-36336 | A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Busin... | | |
CVE-2022-36337 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vul... | | |
CVE-2022-36338 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerabilit... | E | |
CVE-2022-36339 | Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute El... | | |
CVE-2022-36340 | WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability | S | |
CVE-2022-36341 | WordPress AS – Create Pinterest Pinboard Pages plugin <= 1.0 - Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-36342 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36343 | WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-36344 | An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundl... | | |
CVE-2022-36345 | WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-36346 | WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2022-36347 | WordPress Alpine PhotoTile for Pinterest plugin <= 1.3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-36348 | Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an a... | | |
CVE-2022-36349 | Insecure default variable initialization in BIOS firmware for some Intel(R) NUC Boards and Intel(R) ... | S | |
CVE-2022-36350 | Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attack... | S | |
CVE-2022-36351 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may all... | S | |
CVE-2022-36352 | WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control | S | |
CVE-2022-36353 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36354 | A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch... | E | |
CVE-2022-36355 | WordPress Easy Org Chart plugin <= 3.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-36356 | WordPress Culture Object plugin <= 4.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-36357 | WordPress ULTIMATE TABLES plugin <= 1.6.5 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-36358 | WordPress SEO Scout plugin <= 0.9.83 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-36359 | An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.... | S | |
CVE-2022-36360 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Aff... | S | |
CVE-2022-36361 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/... | S | |
CVE-2022-36362 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/... | S | |
CVE-2022-36363 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/... | S | |
CVE-2022-36364 | Apache Calcite Avatica JDBC driver `httpclient_impl` connection property can be used as an RCE vector | | |
CVE-2022-36365 | WordPress WHA Crossword plugin <= 1.1.10 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | E | |
CVE-2022-36366 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36367 | Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 m... | | |
CVE-2022-36368 | Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions pr... | | |
CVE-2022-36369 | Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allo... | | |
CVE-2022-36370 | Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits before v... | S | |
CVE-2022-36372 | Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to poten... | S | |
CVE-2022-36373 | WordPress MP3 jPlayer plugin <= 2.7.3 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | E | |
CVE-2022-36374 | Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi... | | |
CVE-2022-36375 | WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability | S | |
CVE-2022-36376 | WordPress Rank Math SEO plugin <= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability | S | |
CVE-2022-36377 | Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for In... | | |
CVE-2022-36378 | WordPress Floating Div plugin <= 3.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-36379 | WordPress ЮKassa для WooCommerce plugin <= 2.3.0 - Cross-Site Request Forgery (CSRF) leading to plugin settings update | S | |
CVE-2022-36380 | Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter driver... | | |
CVE-2022-36381 | OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an ... | | |
CVE-2022-36382 | Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Ser... | | |
CVE-2022-36383 | WordPress Word Search Puzzles game plugin <= 2.0.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | | |
CVE-2022-36384 | Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers fo... | | |
CVE-2022-36385 | Contec Health CMS8000 | M | |
CVE-2022-36386 | WordPress Import any XML or CSV File to WordPress plugin <= 3.6.7 - Authenticated Arbitrary Code Execution vulnerability | S | |
CVE-2022-36387 | WordPress About Me plugin <= 1.0.12 - Broken Access Control vulnerability | | |
CVE-2022-36388 | WordPress YDS Support Ticket System plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-36389 | WordPress Better Messages plugin <= 1.9.9.148 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-36390 | WordPress Event Calendar – Calendar plugin <= 1.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-36391 | Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may all... | | |
CVE-2022-36392 | Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability befo... | | |
CVE-2022-36393 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36394 | WordPress Contest Gallery plugin <= 17.0.4 - Authenticated SQL Injection (SQLi) vulnerability | S | |
CVE-2022-36395 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36396 | Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi... | | |
CVE-2022-36397 | Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux befo... | S | |
CVE-2022-36398 | Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 ... | | |
CVE-2022-36399 | WordPress Booked Plugin < 2.4.4 is vulnerable to Sensitive Data Exposure | S | |
CVE-2022-36400 | Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Wind... | | |
CVE-2022-36401 | WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-36402 | There is an int overflow vulnerability in vmwgfx driver | | |
CVE-2022-36403 | Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.... | | |
CVE-2022-36404 | WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability | S | |
CVE-2022-36405 | WordPress amCharts: Charts and Maps plugin <= 1.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-36406 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36407 | Information Exposure Vulnerability in Hitachi Disk Array Systems | | |
CVE-2022-36408 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-31181. Reason: This candidat... | R | |
CVE-2022-36412 | In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authenticati... | | |
CVE-2022-36413 | Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads t... | S | |
CVE-2022-36414 | There is an elevation of privilege breakout vulnerability in the Windows EXE installer in Scooter Be... | | |
CVE-2022-36415 | A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2... | | |
CVE-2022-36416 | Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware befor... | | |
CVE-2022-36417 | WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-36418 | WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication | | |
CVE-2022-36419 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36420 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36421 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36422 | WP-PostRatings plugin <= 1.89 - Rating increase/decrease via race condition | S | |
CVE-2022-36423 | Incorrect configuration of the cJSON library leads to a stack overflow vulnerability during recursive parsing. LAN attackers can launch a DoS attack against all network devices. | | |
CVE-2022-36424 | WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-36425 | WordPress Beaver Builder plugin <= 2.5.4.3 - Broken Access Control vulnerability | S | |
CVE-2022-36426 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36427 | WordPress About Rentals plugin <= 1.5 - Missing Access Control vulnerability | | |
CVE-2022-36428 | WordPress Rock Convert plugin <= 2.11.0 - Auth. Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-36429 | A command execution vulnerability exists in the ubus backend communications functionality of Netgear... | E | |
CVE-2022-36431 | An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthen... | E | |
CVE-2022-36432 | The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. Thi... | E | |
CVE-2022-36433 | The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injec... | E | |
CVE-2022-36436 | OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuth... | E S | |
CVE-2022-36437 | The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to ac... | | |
CVE-2022-36438 | AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to l... | | |
CVE-2022-36439 | AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows... | | |
CVE-2022-36440 | A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function.... | E | |
CVE-2022-36441 | An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applica... | | |
CVE-2022-36442 | An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome ... | | |
CVE-2022-36443 | An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator ... | | |
CVE-2022-36444 | An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape B... | | |
CVE-2022-36446 | software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.... | E S | |
CVE-2022-36447 | An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Previously minted tokens mint... | | |
CVE-2022-36448 | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corr... | E | |
CVE-2022-36449 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper G... | | |
CVE-2022-36450 | Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-address remote code execution be... | E | |
CVE-2022-36451 | A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could al... | M | |
CVE-2022-36452 | A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an... | | |
CVE-2022-36453 | A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an ... | M | |
CVE-2022-36454 | A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authen... | M | |
CVE-2022-36455 | TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability ... | E | |
CVE-2022-36456 | TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2022-36458 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36459 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36460 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36461 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36462 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the lang param... | E | |
CVE-2022-36463 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command pa... | E | |
CVE-2022-36464 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort para... | E | |
CVE-2022-36465 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser ... | E | |
CVE-2022-36466 | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip paramet... | E | |
CVE-2022-36467 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function EditMacList.d... | E | |
CVE-2022-36468 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Asp_SetTiming... | E | |
CVE-2022-36469 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAPWifiorLe... | E | |
CVE-2022-36470 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAP5GWifiBy... | E | |
CVE-2022-36471 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMacAccessM... | E | |
CVE-2022-36472 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMobileAPIn... | E | |
CVE-2022-36473 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSI... | E | |
CVE-2022-36474 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function WlanWpsSet.... | E | |
CVE-2022-36475 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddMacList.... | E | |
CVE-2022-36477 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddWlanMacLis... | E | |
CVE-2022-36478 | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSI... | E | |
CVE-2022-36479 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36480 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command pa... | E | |
CVE-2022-36481 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36482 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36483 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser ... | E | |
CVE-2022-36484 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function s... | E | |
CVE-2022-36485 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36486 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36487 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-36488 | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort para... | E | |
CVE-2022-36489 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Enable... | E | |
CVE-2022-36490 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditMa... | E | |
CVE-2022-36491 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Update... | E | |
CVE-2022-36492 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddMac... | E | |
CVE-2022-36493 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPW... | E | |
CVE-2022-36494 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function eddita... | E | |
CVE-2022-36495 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function addact... | E | |
CVE-2022-36496 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMob... | E | |
CVE-2022-36497 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_B... | E | |
CVE-2022-36498 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_Se... | E | |
CVE-2022-36499 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function DElete... | E | |
CVE-2022-36500 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditWl... | E | |
CVE-2022-36501 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Update... | E | |
CVE-2022-36502 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Update... | E | |
CVE-2022-36503 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Update... | E | |
CVE-2022-36504 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_B... | E | |
CVE-2022-36505 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitus... | E | |
CVE-2022-36506 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMac... | E | |
CVE-2022-36507 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddWla... | E | |
CVE-2022-36508 | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPI... | E | |
CVE-2022-36509 | H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the par... | E | |
CVE-2022-36510 | H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the par... | E | |
CVE-2022-36511 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditApAd... | E | |
CVE-2022-36513 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function edditact... | E | |
CVE-2022-36514 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function WanModeS... | E | |
CVE-2022-36515 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function addactio... | E | |
CVE-2022-36516 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function ap_versi... | E | |
CVE-2022-36517 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function debug_wl... | E | |
CVE-2022-36518 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditWlan... | E | |
CVE-2022-36519 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function AddWlanM... | E | |
CVE-2022-36520 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteus... | E | |
CVE-2022-36521 | Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administra... | E | |
CVE-2022-36522 | Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the compo... | E | |
CVE-2022-36523 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command inje... | | |
CVE-2022-36524 | D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Defau... | | |
CVE-2022-36525 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overf... | | |
CVE-2022-36526 | D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authenticati... | | |
CVE-2022-36527 | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in... | E | |
CVE-2022-36529 | Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and o... | E | |
CVE-2022-36530 | An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related... | E | |
CVE-2022-36532 | Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with... | E | |
CVE-2022-36533 | Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to conta... | E | |
CVE-2022-36534 | Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to conta... | E | |
CVE-2022-36536 | An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for... | E | |
CVE-2022-36537 | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive info... | KEV S | |
CVE-2022-36539 | WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted call... | E | |
CVE-2022-36542 | An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows ... | | |
CVE-2022-36543 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via th... | E | |
CVE-2022-36544 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via th... | E | |
CVE-2022-36545 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via th... | E | |
CVE-2022-36546 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) ... | E | |
CVE-2022-36547 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XS... | | |
CVE-2022-36548 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) ... | | |
CVE-2022-36551 | A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community E... | S | |
CVE-2022-36552 | Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/... | | |
CVE-2022-36553 | Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability ... | | |
CVE-2022-36554 | A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter ... | | |
CVE-2022-36555 | Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can... | | |
CVE-2022-36556 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerab... | | |
CVE-2022-36557 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vul... | | |
CVE-2022-36558 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account.... | | |
CVE-2022-36559 | Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerabil... | | |
CVE-2022-36560 | Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes ... | | |
CVE-2022-36561 | XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:5... | E | |
CVE-2022-36562 | Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below... | | |
CVE-2022-36563 | Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and b... | | |
CVE-2022-36564 | Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and be... | | |
CVE-2022-36565 | Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authen... | | |
CVE-2022-36566 | Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine funct... | E | |
CVE-2022-36568 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/... | E | |
CVE-2022-36569 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /g... | E | |
CVE-2022-36570 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/... | E | |
CVE-2022-36571 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/... | E | |
CVE-2022-36572 | Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (... | E | |
CVE-2022-36573 | A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitr... | E | |
CVE-2022-36577 | An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin.... | E | |
CVE-2022-36578 | jizhicms v2.3.1 has SQL injection in the background.... | E | |
CVE-2022-36579 | Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF).... | E | |
CVE-2022-36580 | An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of... | E | |
CVE-2022-36581 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_e... | E | |
CVE-2022-36582 | An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Mana... | E | |
CVE-2022-36583 | DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /de... | E | |
CVE-2022-36584 | In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow... | S | |
CVE-2022-36585 | In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the addDhcpRule function has a buf... | S | |
CVE-2022-36586 | In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by ... | S | |
CVE-2022-36587 | In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by ... | S | |
CVE-2022-36588 | In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the firmware has a buffer overflow v... | S | |
CVE-2022-36593 | kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileNam... | E | |
CVE-2022-36594 | Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids paramete... | E | |
CVE-2022-36599 | Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete UR... | E | |
CVE-2022-36600 | BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the comp... | E | |
CVE-2022-36601 | The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534... | E | |
CVE-2022-36602 | InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerab... | E | |
CVE-2022-36603 | InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE... | E | |
CVE-2022-36604 | An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attac... | E | |
CVE-2022-36605 | Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.... | E | |
CVE-2022-36606 | Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?dat... | E | |
CVE-2022-36609 | Clinic's Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via ... | | |
CVE-2022-36610 | TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /et... | E | |
CVE-2022-36611 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /e... | E | |
CVE-2022-36612 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /... | E | |
CVE-2022-36613 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /e... | E | |
CVE-2022-36614 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /e... | E | |
CVE-2022-36615 | TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at ... | E | |
CVE-2022-36616 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcode... | E | |
CVE-2022-36617 | Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This i... | | |
CVE-2022-36619 | In D-Link DIR-816 A2_v1.10CNB04.img, the network can be reset without authentication via /goform/setM... | E | |
CVE-2022-36620 | D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /go... | E | |
CVE-2022-36621 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference v... | | |
CVE-2022-36622 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference v... | S | |
CVE-2022-36633 | Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can ... | E | |
CVE-2022-36634 | An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create... | E | |
CVE-2022-36635 | ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the com... | E | |
CVE-2022-36636 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id par... | E | |
CVE-2022-36637 | Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vuln... | E | |
CVE-2022-36638 | An access control issue in the component print.php of Garage Management System v1.0 allows unauthent... | E | |
CVE-2022-36639 | A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 al... | E | |
CVE-2022-36640 | influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauth... | S | |
CVE-2022-36642 | A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node thr... | E | |
CVE-2022-36647 | PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequ... | E | |
CVE-2022-36648 | The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0... | S | |
CVE-2022-36657 | Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability ... | E | |
CVE-2022-36659 | xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_w... | E | |
CVE-2022-36660 | xhyve commit dfbe09b was discovered to contain a stack buffer overflow via the component pci_vtrnd_n... | E | |
CVE-2022-36661 | xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_r... | E | |
CVE-2022-36663 | Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attac... | | |
CVE-2022-36664 | Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordM... | E | |
CVE-2022-36667 | Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of fil... | E | |
CVE-2022-36668 | Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameter... | E | |
CVE-2022-36669 | Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allow... | E | |
CVE-2022-36670 | PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authen... | E | |
CVE-2022-36671 | Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the backgro... | E | |
CVE-2022-36672 | Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file.... | E | |
CVE-2022-36674 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-36675 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-36676 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-36677 | Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected i... | E | |
CVE-2022-36678 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-36679 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-36680 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-36681 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-36682 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-36683 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the i... | E | |
CVE-2022-36686 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36687 | Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulner... | E | |
CVE-2022-36688 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36689 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36690 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36692 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36693 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36695 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36696 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36697 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36698 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36699 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36700 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36701 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36703 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36704 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id pa... | E | |
CVE-2022-36705 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36706 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-36707 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2214. Reason: This candidate... | R | |
CVE-2022-36708 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id pa... | E | |
CVE-2022-36709 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-36711 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-36712 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-36713 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Secti... | E | |
CVE-2022-36714 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Secti... | E | |
CVE-2022-36715 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name ... | E | |
CVE-2022-36716 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-36719 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the ok pa... | E | |
CVE-2022-36720 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-36721 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Textb... | E | |
CVE-2022-36722 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title... | E | |
CVE-2022-36725 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id ... | E | |
CVE-2022-36727 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookI... | E | |
CVE-2022-36728 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollN... | E | |
CVE-2022-36729 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id ... | E | |
CVE-2022-36730 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookI... | E | |
CVE-2022-36731 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollN... | E | |
CVE-2022-36732 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-36733 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id ... | E | |
CVE-2022-36734 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollN... | E | |
CVE-2022-36735 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookI... | E | |
CVE-2022-36736 | Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to pe... | | |
CVE-2022-36745 | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the compon... | S | |
CVE-2022-36746 | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the compon... | S | |
CVE-2022-36747 | Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function u... | E | |
CVE-2022-36748 | PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the comp... | E | |
CVE-2022-36749 | RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the componen... | E S | |
CVE-2022-36750 | Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=.... | E | |
CVE-2022-36752 | png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerab... | E S | |
CVE-2022-36754 | Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id pa... | E | |
CVE-2022-36755 | D-Link DIR845L A1 contains an authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demons... | E S | |
CVE-2022-36756 | DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php.... | E | |
CVE-2022-36757 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-36759 | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the com... | | |
CVE-2022-36760 | Apache HTTP Server: mod_proxy_ajp Possible request smuggling | | |
CVE-2022-36763 | Heap Buffer Overflow in Tcg2MeasureGptTable | M | |
CVE-2022-36764 | Heap Buffer Overflow in Tcg2MeasurePeImage | | |
CVE-2022-36765 | Integer Overflow in CreateHob | | |
CVE-2022-36768 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | S | |
CVE-2022-36769 | IBM Cloud Pak for Data file upload | | |
CVE-2022-36771 | IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information... | S | |
CVE-2022-36772 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive informa... | S | |
CVE-2022-36773 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (X... | S | |
CVE-2022-36774 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks... | S | |
CVE-2022-36775 | IBM Security Verify Access HOST header injection | S | |
CVE-2022-36776 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. Thi... | S | |
CVE-2022-36777 | IBM Cloud Pak for Security information disclosure | | |
CVE-2022-36778 | Synel - eHarmony Stored XSS | S | |
CVE-2022-36779 | PROSCEND - PROSCEND / ADVICE .Ltd - 4G/5G Industrial Cellular Router (with GPS) Unauthenticated OS Command Injection | S | |
CVE-2022-36780 | Avdor CIS - crystal quality Credentials Management Errors | E S | |
CVE-2022-36781 | ConnectWise - ScreenConnect Session Code Bypass | S | |
CVE-2022-36782 | Pal Electronics Systems - Pal Gate Authorization Errors | S | |
CVE-2022-36783 | AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS) | S | |
CVE-2022-36784 | Elsight – Elsight Halo Remote Code Execution (RCE) | S | |
CVE-2022-36785 | D-Link – 4G integrated Access Device Information Disclosure & Authorization Bypass. | | |
CVE-2022-36786 | DLINK - DSL-224 Post-auth RCE. | S | |
CVE-2022-36787 | webvendome - webvendome SQL Injection | S | |
CVE-2022-36788 | A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r ... | E | |
CVE-2022-36789 | Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC ... | | |
CVE-2022-36791 | WordPress Torro Forms plugin <= 1.0.16 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-36792 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-36793 | WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities | | |
CVE-2022-36794 | Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allo... | | |
CVE-2022-36795 | BIG-IP software SYN cookies vulnerability CVE-2022-36795 | M | |
CVE-2022-36796 | WordPress CallRail Phone Call Tracking plugin <= 0.4.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) | | |
CVE-2022-36797 | Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware befor... | | |
CVE-2022-36798 | WordPress Mega Addons For WPBakery Page Builder plugin <= 4.2.7 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-36799 | This issue exists to document that a security improvement in the way that Jira Server and Data Cente... | | |
CVE-2022-36800 | Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers... | | |
CVE-2022-36801 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to injec... | | |
CVE-2022-36802 | The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers... | | |
CVE-2022-36803 | The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticate... | | |
CVE-2022-36804 | Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, fr... | KEV E S | |
CVE-2022-36816 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-36827 | Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it ... | R | |
CVE-2022-36829 | PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 all... | | |
CVE-2022-36830 | PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2... | | |
CVE-2022-36831 | Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows atta... | | |
CVE-2022-36832 | Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4... | | |
CVE-2022-36833 | Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in... | | |
CVE-2022-36834 | Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows loca... | | |
CVE-2022-36835 | Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allow... | | |
CVE-2022-36836 | Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to re... | | |
CVE-2022-36837 | Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 a... | | |
CVE-2022-36838 | Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker t... | | |
CVE-2022-36839 | SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows atta... | | |
CVE-2022-36840 | DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to ex... | | |
CVE-2022-36841 | A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.sp... | | |
CVE-2022-36842 | A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk... | | |
CVE-2022-36843 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.... | | |
CVE-2022-36844 | A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spen... | | |
CVE-2022-36845 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.... | | |
CVE-2022-36846 | A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk... | | |
CVE-2022-36847 | Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release... | | |
CVE-2022-36848 | Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows l... | | |
CVE-2022-36849 | Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR S... | | |
CVE-2022-36850 | Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to ov... | | |
CVE-2022-36851 | Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attac... | | |
CVE-2022-36852 | Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local at... | | |
CVE-2022-36853 | Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive ... | | |
CVE-2022-36854 | Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker acc... | | |
CVE-2022-36855 | A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to ... | | |
CVE-2022-36856 | Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows ... | | |
CVE-2022-36857 | Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical... | | |
CVE-2022-36858 | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognition... | | |
CVE-2022-36859 | Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privilege... | | |
CVE-2022-36860 | A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.sam... | | |
CVE-2022-36861 | Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker t... | | |
CVE-2022-36862 | A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.sp... | | |
CVE-2022-36863 | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionTe... | | |
CVE-2022-36864 | Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker t... | | |
CVE-2022-36865 | Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in ... | | |
CVE-2022-36866 | Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in... | | |
CVE-2022-36867 | Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to ... | | |
CVE-2022-36868 | Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 le... | | |
CVE-2022-36869 | Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version ... | | |
CVE-2022-36870 | Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to versi... | | |
CVE-2022-36871 | Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for... | | |
CVE-2022-36872 | Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 fo... | | |
CVE-2022-36873 | Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of Waterplugin prior to v... | | |
CVE-2022-36874 | Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.... | | |
CVE-2022-36875 | Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to versio... | | |
CVE-2022-36876 | Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical att... | | |
CVE-2022-36877 | Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.... | | |
CVE-2022-36878 | Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker... | | |
CVE-2022-36879 | An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_p... | S | |
CVE-2022-36880 | The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail ... | | |
CVE-2022-36881 | Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connect... | | |
CVE-2022-36882 | A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows at... | | |
CVE-2022-36883 | A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers... | | |
CVE-2022-36884 | The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers info... | | |
CVE-2022-36885 | Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking ... | | |
CVE-2022-36886 | A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v3... | | |
CVE-2022-36887 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v... | | |
CVE-2022-36888 | A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows ... | | |
CVE-2022-36889 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application pat... | | |
CVE-2022-36890 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files i... | | |
CVE-2022-36891 | A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows ... | | |
CVE-2022-36892 | Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method impl... | | |
CVE-2022-36893 | Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a permission check in a method impl... | | |
CVE-2022-36894 | An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f a... | | |
CVE-2022-36895 | A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows atta... | | |
CVE-2022-36896 | A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plug... | | |
CVE-2022-36897 | A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allo... | | |
CVE-2022-36898 | A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows atta... | | |
CVE-2022-36899 | Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controll... | | |
CVE-2022-36900 | Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/... | | |
CVE-2022-36901 | Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global... | | |
CVE-2022-36902 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape several fields of... | | |
CVE-2022-36903 | A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers... | | |
CVE-2022-36904 | Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a metho... | | |
CVE-2022-36905 | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL vali... | | |
CVE-2022-36906 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and ear... | | |
CVE-2022-36907 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers w... | | |
CVE-2022-36908 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and ear... | | |
CVE-2022-36909 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers w... | | |
CVE-2022-36910 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in se... | | |
CVE-2022-36911 | A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier a... | | |
CVE-2022-36912 | A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Ov... | | |
CVE-2022-36913 | Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permission checks in methods implemen... | | |
CVE-2022-36914 | Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method i... | | |
CVE-2022-36915 | Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method imp... | | |
CVE-2022-36916 | A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earl... | | |
CVE-2022-36917 | A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers wi... | | |
CVE-2022-36918 | Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method impleme... | | |
CVE-2022-36919 | A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overa... | | |
CVE-2022-36920 | A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allo... | | |
CVE-2022-36921 | A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overa... | | |
CVE-2022-36922 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query paramete... | | |
CVE-2022-36923 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow A... | | |
CVE-2022-36924 | Local Privilege Escalation in Zoom Rooms Installer for Windows | | |
CVE-2022-36925 | Insecure key generation for Zoom Rooms for macOS Clients | | |
CVE-2022-36926 | Local Privilege Escalation in Zoom Rooms for macOS Clients | | |
CVE-2022-36927 | Local Privilege Escalation in Zoom Rooms for macOS Clients | | |
CVE-2022-36928 | Path Traversal in Zoom for Android Clients | | |
CVE-2022-36929 | Local Privilege Escalation in Zoom Rooms for Windows Clients | | |
CVE-2022-36930 | Local Privilege Escalation in Zoom Rooms for Windows Installers | | |
CVE-2022-36934 | An integer overflow in WhatsApp could result in remote code execution in an established video call.... | | |
CVE-2022-36937 | HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in ... | S | |
CVE-2022-36938 | DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound... | S | |
CVE-2022-36943 | SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of s... | E | |
CVE-2022-36944 | Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot b... | E S | |
CVE-2022-36945 | The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote a... | E | |
CVE-2022-36946 | nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote at... | S | |
CVE-2022-36947 | Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer o... | | |
CVE-2022-36948 | In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x th... | | |
CVE-2022-36949 | In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could ... | | |
CVE-2022-36950 | In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote com... | | |
CVE-2022-36951 | In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploi... | | |
CVE-2022-36952 | In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the und... | | |
CVE-2022-36953 | In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to ... | | |
CVE-2022-36954 | In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be a... | | |
CVE-2022-36955 | In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send spec... | | |
CVE-2022-36956 | In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host t... | | |
CVE-2022-36957 | SolarWinds Platform Deserialization of Untrusted Data | S | |
CVE-2022-36958 | SolarWinds Platform Deserialization of Untrusted Data | S | |
CVE-2022-36960 | SolarWinds Platform Improper Input Validation | S | |
CVE-2022-36961 | Orion Platform SQL Injection Privilege Escalation Vulnerability | S | |
CVE-2022-36962 | SolarWinds Platform Command Injection | S | |
CVE-2022-36963 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | S | |
CVE-2022-36964 | SolarWinds Platform Deserialization of Untrusted Data | S | |
CVE-2022-36965 | Stored and DOM XSS in QoE Applications: Orion Platform | | |
CVE-2022-36966 | Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6 | | |
CVE-2022-36967 | In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vuln... | | |
CVE-2022-36968 | In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not ... | | |
CVE-2022-36969 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | S | |
CVE-2022-36970 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of AV... | S | |
CVE-2022-36971 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Iv... | | |
CVE-2022-36972 | This vulnerability allows remote attackers to bypass authentication on affected installations of Iva... | | |
CVE-2022-36973 | This vulnerability allows remote attackers to bypass authentication on affected installations of Iva... | | |
CVE-2022-36974 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Iv... | | |
CVE-2022-36975 | This vulnerability allows remote attackers to bypass authentication on affected installations of Iva... | | |
CVE-2022-36976 | This vulnerability allows remote attackers to bypass authentication on affected installations of Iva... | | |
CVE-2022-36977 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Iv... | | |
CVE-2022-36978 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Iv... | | |
CVE-2022-36979 | This vulnerability allows remote attackers to bypass authentication on affected installations of Iva... | | |
CVE-2022-36980 | This vulnerability allows remote attackers to bypass authentication on affected installations of Iva... | | |
CVE-2022-36981 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Iv... | | |
CVE-2022-36982 | This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivan... | | |
CVE-2022-36983 | This vulnerability allows remote attackers to bypass authentication on affected installations of Iva... | | |
CVE-2022-36984 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36985 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36986 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36987 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36988 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36989 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36990 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36991 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36992 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36993 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36994 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36995 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36996 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36997 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36998 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-36999 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |