ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-37000 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th... | S | |
CVE-2022-37001 | The diag-router module has a vulnerability in intercepting excessive long and short instructions. Su... | | |
CVE-2022-37002 | The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulner... | | |
CVE-2022-37003 | The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnera... | | |
CVE-2022-37004 | The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successf... | | |
CVE-2022-37005 | The Settings application has an argument injection vulnerability. Successful exploitation of this vu... | | |
CVE-2022-37006 | Permission control vulnerability in the network module. Successful exploitation of this vulnerabilit... | | |
CVE-2022-37007 | The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnera... | | |
CVE-2022-37008 | The recovery module has a vulnerability of bypassing the verification of an update package before us... | | |
CVE-2022-37009 | In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible... | | |
CVE-2022-37010 | In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defin... | | |
CVE-2022-37011 | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), M... | S | |
CVE-2022-37012 | This vulnerability allows remote attackers to create a denial-of-service condition on affected insta... | | |
CVE-2022-37013 | This vulnerability allows remote attackers to create a denial-of-service condition on affected insta... | | |
CVE-2022-37015 | Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a p... | | |
CVE-2022-37016 | Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerabil... | | |
CVE-2022-37017 | Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible... | | |
CVE-2022-37018 | A potential vulnerability has been identified in the system BIOS for certain HP PC products which ma... | S | |
CVE-2022-37019 | HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows | | |
CVE-2022-37020 | HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows | | |
CVE-2022-37021 | Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 8. | M | |
CVE-2022-37022 | Apache Geode deserialization of untrusted data flaw when using JMX over RMI on Java 11 | M | |
CVE-2022-37023 | Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 | M | |
CVE-2022-37024 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow A... | | |
CVE-2022-37025 | An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 ... | S | |
CVE-2022-37026 | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Auth... | S | |
CVE-2022-37027 | Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Adm... | E | |
CVE-2022-37028 | ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, a... | | |
CVE-2022-37030 | Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x bef... | E | |
CVE-2022-37032 | An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault... | E S | |
CVE-2022-37033 | In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, ... | | |
CVE-2022-37034 | In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting th... | | |
CVE-2022-37035 | An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_proce... | E | |
CVE-2022-37041 | An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZC... | S | |
CVE-2022-37042 | Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP arc... | KEV E S | |
CVE-2022-37043 | An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0.... | S | |
CVE-2022-37044 | In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called ex... | S | |
CVE-2022-37047 | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow ... | E | |
CVE-2022-37048 | The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow ... | E | |
CVE-2022-37049 | The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in ... | E | |
CVE-2022-37050 | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c allows attackers to cause a denial-of-service (a... | E S | |
CVE-2022-37051 | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of serv... | E S | |
CVE-2022-37052 | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of ser... | E S | |
CVE-2022-37053 | TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.... | E | |
CVE-2022-37055 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Ov... | E S | |
CVE-2022-37056 | D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command In... | E S | |
CVE-2022-37057 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command I... | E S | |
CVE-2022-37059 | Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary c... | E | |
CVE-2022-37060 | FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Trave... | E M | |
CVE-2022-37061 | All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Com... | E M | |
CVE-2022-37062 | All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure ... | E M | |
CVE-2022-37063 | All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Sit... | E M | |
CVE-2022-37066 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateDD... | E | |
CVE-2022-37067 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWa... | E | |
CVE-2022-37068 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateMa... | E | |
CVE-2022-37069 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateSn... | E | |
CVE-2022-37070 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the ... | E | |
CVE-2022-37071 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateOn... | E | |
CVE-2022-37072 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWa... | E | |
CVE-2022-37073 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWa... | E | |
CVE-2022-37074 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_d... | E | |
CVE-2022-37075 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip paramet... | E | |
CVE-2022-37076 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-37077 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser ... | E | |
CVE-2022-37078 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-37079 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-37080 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command pa... | E | |
CVE-2022-37081 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-37082 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-37083 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-37084 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort para... | E | |
CVE-2022-37085 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the AddWlanMacList function.... | E | |
CVE-2022-37086 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Asp_SetTimingtimeW... | E | |
CVE-2022-37087 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetMobileAPInfoByI... | E | |
CVE-2022-37088 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAP5GWifiById.... | E | |
CVE-2022-37089 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditMacList.... | E | |
CVE-2022-37090 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID.... | E | |
CVE-2022-37091 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditWlanMacList.... | E | |
CVE-2022-37092 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPWifiorLedInfo... | E | |
CVE-2022-37093 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AddMacList.... | E | |
CVE-2022-37094 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.... | E | |
CVE-2022-37095 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams.... | E | |
CVE-2022-37096 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EnableIpv6.... | E | |
CVE-2022-37097 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById.... | E | |
CVE-2022-37098 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params.... | E | |
CVE-2022-37099 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat.... | E | |
CVE-2022-37100 | H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateMacClone.... | E | |
CVE-2022-37108 | An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an ap... | E | |
CVE-2022-37109 | patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable... | S | |
CVE-2022-37111 | BlueCMS 1.6 has SQL injection in line 132 of admin/article.php... | E | |
CVE-2022-37112 | BlueCMS 1.6 has SQL injection in line 55 of admin/model.php... | E | |
CVE-2022-37113 | BlueCMS 1.6 has SQL injection in line 132 of admin/area.php... | E | |
CVE-2022-37122 | Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Sof... | E | |
CVE-2022-37123 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.... | E | |
CVE-2022-37125 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.... | E | |
CVE-2022-37128 | In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /gofor... | E | |
CVE-2022-37129 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After... | E | |
CVE-2022-37130 | In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occ... | E | |
CVE-2022-37133 | D-Link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No ... | E | |
CVE-2022-37134 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wan... | E | |
CVE-2022-37137 | PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to the ticket. The XSS ... | E | |
CVE-2022-37138 | Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthoriz... | E | |
CVE-2022-37139 | Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.... | E | |
CVE-2022-37140 | PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on t... | E | |
CVE-2022-37144 | The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission at... | | |
CVE-2022-37145 | The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts fo... | | |
CVE-2022-37146 | The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response time... | | |
CVE-2022-37149 | WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability ... | E | |
CVE-2022-37150 | An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulner... | E | |
CVE-2022-37151 | There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.... | E | |
CVE-2022-37152 | An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vul... | E | |
CVE-2022-37153 | An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password p... | E | |
CVE-2022-37155 | RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the... | E S | |
CVE-2022-37158 | RuoYi v3.8.3 has a Weak password vulnerability in the management system.... | E | |
CVE-2022-37159 | Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.... | E | |
CVE-2022-37160 | Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary ... | E | |
CVE-2022-37161 | Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.... | E | |
CVE-2022-37162 | Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javas... | E | |
CVE-2022-37163 | Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially ga... | | |
CVE-2022-37164 | Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unautho... | | |
CVE-2022-37172 | Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows au... | | |
CVE-2022-37173 | An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code ... | | |
CVE-2022-37175 | Tenda AC15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.... | | |
CVE-2022-37176 | Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attack... | | |
CVE-2022-37177 | HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: th... | E | |
CVE-2022-37178 | An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calend... | E | |
CVE-2022-37181 | 72crm 9.0 has an Arbitrary file upload vulnerability.... | E | |
CVE-2022-37183 | Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.... | E | |
CVE-2022-37184 | The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Uploa... | E | |
CVE-2022-37185 | SQL injection vulnerability exists in the school information query interface (repschoolproj.php) of ... | | |
CVE-2022-37186 | In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted a... | E S | |
CVE-2022-37189 | DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service.... | S | |
CVE-2022-37190 | CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both pa... | E | |
CVE-2022-37191 | The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can... | E | |
CVE-2022-37193 | Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Acces... | | |
CVE-2022-37197 | IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.... | E | |
CVE-2022-37199 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.... | E | |
CVE-2022-37201 | JFinal CMS 5.1.0 is vulnerable to SQL Injection.... | E | |
CVE-2022-37202 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list... | E | |
CVE-2022-37203 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor... | E | |
CVE-2022-37204 | Final CMS 5.1.0 is vulnerable to SQL Injection.... | E | |
CVE-2022-37205 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor ... | E | |
CVE-2022-37207 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor ... | E | |
CVE-2022-37208 | JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor... | E | |
CVE-2022-37209 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor ... | E | |
CVE-2022-37223 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.... | E | |
CVE-2022-37232 | Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There ... | | |
CVE-2022-37234 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerabl... | | |
CVE-2022-37235 | Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerabl... | | |
CVE-2022-37237 | An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected ... | S | |
CVE-2022-37238 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (... | E M | |
CVE-2022-37239 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (... | E | |
CVE-2022-37240 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splittin... | E | |
CVE-2022-37241 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (... | E | |
CVE-2022-37242 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitti... | E | |
CVE-2022-37243 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (... | E | |
CVE-2022-37244 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via th... | E | |
CVE-2022-37245 | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (... | E | |
CVE-2022-37246 | Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/Bas... | S | |
CVE-2022-37247 | Craft CMS 4.2.0.1 is vulnerable to a stored cross-site scripting (XSS) via /admin/settings/fields pa... | S | |
CVE-2022-37248 | Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.... | E S | |
CVE-2022-37249 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-37250 | Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.... | E S | |
CVE-2022-37251 | Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.... | | |
CVE-2022-37253 | Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to intr... | | |
CVE-2022-37254 | DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background -> System -> system fu... | E | |
CVE-2022-37255 | TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and ... | E | |
CVE-2022-37257 | Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 ... | | |
CVE-2022-37258 | Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 ... | E | |
CVE-2022-37259 | A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string ... | | |
CVE-2022-37260 | A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input v... | | |
CVE-2022-37262 | A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source ... | | |
CVE-2022-37264 | Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.... | | |
CVE-2022-37265 | Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.... | S | |
CVE-2022-37266 | Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key ... | | |
CVE-2022-37290 | GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a paste... | E S | |
CVE-2022-37292 | Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_4... | E | |
CVE-2022-37298 | Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Contro... | S | |
CVE-2022-37299 | An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cau... | E S | |
CVE-2022-37300 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could c... | S | |
CVE-2022-37301 | A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of ... | | |
CVE-2022-37302 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exi... | S | |
CVE-2022-37303 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-37304 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-37305 | The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote a... | E | |
CVE-2022-37306 | OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.... | E | |
CVE-2022-37307 | OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror... | E | |
CVE-2022-37308 | OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages.... | E | |
CVE-2022-37309 | OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address b... | E | |
CVE-2022-37310 | OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as ... | E | |
CVE-2022-37311 | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request param... | E | |
CVE-2022-37312 | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containin... | E | |
CVE-2022-37313 | OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the f... | E | |
CVE-2022-37315 | graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser.... | E | |
CVE-2022-37316 | Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability ... | | |
CVE-2022-37317 | Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote ... | | |
CVE-2022-37318 | Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote... | | |
CVE-2022-37325 | In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an inco... | S | |
CVE-2022-37326 | Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the ... | | |
CVE-2022-37327 | Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) ... | | |
CVE-2022-37328 | WordPress History Timeline plugin <= 1.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-37329 | Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may all... | S | |
CVE-2022-37330 | WordPress WHA Crossword plugin <= 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-37331 | An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open... | E | |
CVE-2022-37332 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, versi... | E | |
CVE-2022-37333 | SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/... | S | |
CVE-2022-37334 | Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro B... | S | |
CVE-2022-37335 | WordPress Word Search Puzzles game plugin <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-37336 | Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to pote... | | |
CVE-2022-37337 | A command execution vulnerability exists in the access control functionality of Netgear Orbi Router ... | E | |
CVE-2022-37338 | WordPress Blossom Recipe Maker plugin <= 1.0.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | | |
CVE-2022-37339 | WordPress Meet My Team plugin <= 2.0.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-37340 | Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an au... | S | |
CVE-2022-37341 | Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Man... | | |
CVE-2022-37342 | WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-37343 | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged use... | | |
CVE-2022-37344 | WordPress Accommodation System plugin <= 1.0.1 - Missing Access Control vulnerability | | |
CVE-2022-37345 | Improper authentication in BIOS firmware for some Intel(R) NUC Kits before version RY0386 may al... | S | |
CVE-2022-37346 | EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verificat... | S | |
CVE-2022-37347 | Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Dis... | S | |
CVE-2022-37348 | Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Dis... | S | |
CVE-2022-37349 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37350 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37351 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37352 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37353 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37354 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37355 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37356 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37357 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37358 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37359 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37360 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37361 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37362 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37363 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37364 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37365 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37366 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37367 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37368 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37369 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37370 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37371 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37372 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37373 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37374 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-37375 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37376 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37377 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37378 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37379 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37380 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37381 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37382 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37383 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37384 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37385 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37386 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-37387 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37388 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37389 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37390 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37391 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2022-37392 | Apache Traffic Server: Improperly reading the client requests | | |
CVE-2022-37393 | Zimbra zmslapd arbitrary module load | E S | |
CVE-2022-37394 | An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2.... | E S | |
CVE-2022-37395 | A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerabili... | | |
CVE-2022-37396 | In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local c... | | |
CVE-2022-37397 | The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft’s Active Directory | S | |
CVE-2022-37398 | A stack-based buffer overflow vulnerability was found on ADM | | |
CVE-2022-37400 | Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password | S | |
CVE-2022-37401 | Apache OpenOffice Weak Master Keys | S | |
CVE-2022-37402 | WordPress AFS Analytics Plugin <= 4.18 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-37403 | WordPress Add User Role plugin <= 0.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-37404 | WordPress add2fav plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-37405 | WordPress Better Font Awesome plugin <= 2.0.1 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-37406 | Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 al... | | |
CVE-2022-37407 | WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | | |
CVE-2022-37408 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-37409 | Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.... | | |
CVE-2022-37410 | Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an... | | |
CVE-2022-37411 | WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-37412 | WordPress Better Delete Revision plugin <= 1.6.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-37415 | The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x400020... | E | |
CVE-2022-37416 | Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_full... | E | |
CVE-2022-37418 | The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2... | E | |
CVE-2022-37421 | Silverstripe silverstripe/cms through 4.11.0 allows XSS.... | S | |
CVE-2022-37422 | Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Serve... | | |
CVE-2022-37423 | Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Tra... | E | |
CVE-2022-37424 | The FILES Directive allows arbitrary files from the frontend system (including sensitive files) to be included when a VM is started from that template, which may result in Information Disclosure. | S | |
CVE-2022-37425 | The FILES directive inside a VM template allows execution of uploaded files when the template is instantiated, resulting in a Remote Code Execution (RCE) attack. | S | |
CVE-2022-37426 | Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux... | S | |
CVE-2022-37428 | PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has ... | | |
CVE-2022-37429 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to... | S | |
CVE-2022-37430 | Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a li... | S | |
CVE-2022-37431 | A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occur... | | |
CVE-2022-37434 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via... | E S | |
CVE-2022-37435 | Apache ShenYu Admin Improper Privilege Management | S | |
CVE-2022-37436 | Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting | | |
CVE-2022-37437 | Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation | M | |
CVE-2022-37438 | Information disclosure via the dashboard drilldown in Splunk Enterprise | M | |
CVE-2022-37439 | Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input | | |
CVE-2022-37440 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37441 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37442 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37443 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37444 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37445 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37446 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37447 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37448 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37449 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-37450 | Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in cert... | E | |
CVE-2022-37451 | Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not u... | E S | |
CVE-2022-37452 | Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c w... | E S | |
CVE-2022-37453 | An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess alloca... | M | |
CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant ... | E S | |
CVE-2022-37458 | Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimit... | | |
CVE-2022-37459 | Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to contr... | | |
CVE-2022-37460 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-37461 | Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 al... | E | |
CVE-2022-37462 | A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop... | E | |
CVE-2022-37598 | Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the na... | E | |
CVE-2022-37599 | A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpo... | S | |
CVE-2022-37601 | Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils vi... | E | |
CVE-2022-37602 | Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-ka... | E | |
CVE-2022-37603 | A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpo... | E | |
CVE-2022-37609 | Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in option... | | |
CVE-2022-37611 | Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.... | | |
CVE-2022-37614 | Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0... | E | |
CVE-2022-37616 | A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published a... | S | |
CVE-2022-37617 | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserif... | E | |
CVE-2022-37620 | A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because ... | M | |
CVE-2022-37621 | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserif... | | |
CVE-2022-37623 | Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserif... | E | |
CVE-2022-37660 | In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. ... | | |
CVE-2022-37661 | SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via th... | E | |
CVE-2022-37679 | Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the compo... | E | |
CVE-2022-37680 | An improper authentication for critical function issue in Hitachi Kokusai Electric Network products ... | | |
CVE-2022-37681 | Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and be... | | |
CVE-2022-37700 | Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (rem... | E | |
CVE-2022-37703 | In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacke... | | |
CVE-2022-37704 | Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary locat... | S | |
CVE-2022-37705 | A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root priv... | E S | |
CVE-2022-37706 | enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is... | E S | |
CVE-2022-37708 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-37709 | Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication ... | E | |
CVE-2022-37710 | Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1)... | | |
CVE-2022-37718 | The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command ... | E | |
CVE-2022-37719 | A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows ... | E | |
CVE-2022-37720 | Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged... | E | |
CVE-2022-37721 | PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user such as ... | | |
CVE-2022-37724 | Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL... | E S | |
CVE-2022-37730 | In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which caus... | E | |
CVE-2022-37731 | ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts malicious JavaScript code into th... | E | |
CVE-2022-37734 | graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL... | E S | |
CVE-2022-37767 | Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary cod... | E | |
CVE-2022-37768 | libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrai... | E | |
CVE-2022-37769 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huf... | E | |
CVE-2022-37770 | libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpass... | E | |
CVE-2022-37771 | IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated att... | E | |
CVE-2022-37772 | Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due t... | E | |
CVE-2022-37773 | An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch... | E | |
CVE-2022-37774 | There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some ... | | |
CVE-2022-37775 | Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26-September-2019) allows X... | E | |
CVE-2022-37777 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered ... | E | |
CVE-2022-37778 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain ... | E | |
CVE-2022-37779 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain ... | E | |
CVE-2022-37780 | Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain ... | E | |
CVE-2022-37781 | fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /... | E S | |
CVE-2022-37783 | All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate u... | E | |
CVE-2022-37785 | An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords are displayed in the configura... | E | |
CVE-2022-37786 | An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the [Home... | E | |
CVE-2022-37787 | An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plug... | E | |
CVE-2022-37794 | In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL i... | E | |
CVE-2022-37796 | In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description paramet... | E | |
CVE-2022-37797 | In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP r... | E | |
CVE-2022-37798 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the f... | E | |
CVE-2022-37799 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the f... | E | |
CVE-2022-37800 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the f... | E | |
CVE-2022-37801 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the f... | E | |
CVE-2022-37802 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2022-37803 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2022-37804 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the f... | E | |
CVE-2022-37805 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHand... | E | |
CVE-2022-37806 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2022-37807 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientS... | E | |
CVE-2022-37808 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the ... | E | |
CVE-2022-37809 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in ... | E | |
CVE-2022-37810 | Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac pa... | E | |
CVE-2022-37811 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in th... | E | |
CVE-2022-37812 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in... | E | |
CVE-2022-37813 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime... | E | |
CVE-2022-37814 | Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and t... | E | |
CVE-2022-37815 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter... | E | |
CVE-2022-37816 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBi... | E | |
CVE-2022-37817 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind.... | E | |
CVE-2022-37818 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the funct... | E | |
CVE-2022-37819 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the f... | E | |
CVE-2022-37820 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the fun... | E | |
CVE-2022-37821 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in t... | E | |
CVE-2022-37822 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic... | E | |
CVE-2022-37823 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the funct... | E | |
CVE-2022-37824 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the... | E | |
CVE-2022-37830 | Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2022-37832 | Mutiny 7.2.0-10788 suffers from Hardcoded root password.... | | |
CVE-2022-37835 | Torguard VPN 4.8 has a vulnerability that allows an attacker to dump sensitive information, such as... | | |
CVE-2022-37839 | TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi.... | | |
CVE-2022-37840 | In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overfl... | | |
CVE-2022-37841 | In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sam... | | |
CVE-2022-37842 | In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing ... | | |
CVE-2022-37843 | In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put i... | | |
CVE-2022-37857 | bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded passwo... | | |
CVE-2022-37860 | The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by ... | E S | |
CVE-2022-37861 | There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router devi... | E | |
CVE-2022-37864 | A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected applicati... | S | |
CVE-2022-37865 | Apache Ivy allows creating/overwriting any file on the system | | |
CVE-2022-37866 | Apache Ivy allows path traversal in the presence of a malicious repository | | |
CVE-2022-37877 | A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance... | | |
CVE-2022-37878 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
CVE-2022-37879 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
CVE-2022-37880 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
CVE-2022-37881 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
CVE-2022-37882 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
CVE-2022-37883 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
CVE-2022-37884 | A vulnerability exists in the ClearPass Policy Manager Guest User Interface that can allow an unauth... | | |
CVE-2022-37885 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe... | | |
CVE-2022-37886 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe... | | |
CVE-2022-37887 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe... | | |
CVE-2022-37888 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe... | | |
CVE-2022-37889 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthe... | | |
CVE-2022-37890 | Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web ... | | |
CVE-2022-37891 | Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web ... | | |
CVE-2022-37892 | A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauth... | | |
CVE-2022-37893 | An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 comman... | | |
CVE-2022-37894 | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID stri... | | |
CVE-2022-37895 | An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID stri... | | |
CVE-2022-37896 | A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote ... | | |
CVE-2022-37897 | There is a command injection vulnerability that could lead to unauthenticated remote code execution ... | | |
CVE-2022-37898 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success... | | |
CVE-2022-37899 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success... | | |
CVE-2022-37900 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success... | | |
CVE-2022-37901 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success... | | |
CVE-2022-37902 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success... | | |
CVE-2022-37903 | A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with att... | | |
CVE-2022-37904 | Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execu... | | |
CVE-2022-37905 | Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execu... | | |
CVE-2022-37906 | An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successf... | | |
CVE-2022-37907 | A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a de... | | |
CVE-2022-37908 | An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controll... | | |
CVE-2022-37909 | Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclo... | | |
CVE-2022-37910 | A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitatio... | | |
CVE-2022-37911 | Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line inte... | | |
CVE-2022-37912 | Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Success... | | |
CVE-2022-37913 | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator c... | M | |
CVE-2022-37914 | Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator c... | M | |
CVE-2022-37915 | A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator c... | M | |
CVE-2022-37916 | Broken Access Control for some Web-based Management URLs in AirWave Management Platform | M | |
CVE-2022-37917 | Broken Access Control for some Web-based Management URLs in AirWave Management Platform | M | |
CVE-2022-37918 | Broken Access Control for some Web-based Management URLs in AirWave Management Platform | M | |
CVE-2022-37919 | A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can e... | | |
CVE-2022-37920 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticate... | | |
CVE-2022-37921 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticate... | | |
CVE-2022-37922 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticate... | | |
CVE-2022-37923 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticate... | | |
CVE-2022-37924 | Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticate... | | |
CVE-2022-37925 | A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allo... | | |
CVE-2022-37926 | A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a re... | | |
CVE-2022-37927 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE ... | | |
CVE-2022-37928 | Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimbl... | | |
CVE-2022-37929 | Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flas... | | |
CVE-2022-37930 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimbl... | | |
CVE-2022-37931 | A vulnerability in NetBatch-Plus software allows unauthorized access to the application | S | |
CVE-2022-37932 | A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1... | | |
CVE-2022-37933 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 ... | | |
CVE-2022-37934 | A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch se... | | |
CVE-2022-37935 | HPE OneView for VMware vCenter, in certain circumstances, may disclose the “HPE OneView” Username an... | S | |
CVE-2022-37936 | Unauthenticated Java deserialization vulnerability in Serviceguard Manager... | | |
CVE-2022-37937 | Pre-auth memory corruption in HPE Serviceguard... | | |
CVE-2022-37938 | Unauthenticated server side request forgery in HPE Serviceguard Manager... | | |
CVE-2022-37939 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 ... | | |
CVE-2022-37940 | Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. Th... | | |
CVE-2022-37941 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37942 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37943 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37944 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37945 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37946 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37947 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37948 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37949 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37950 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37951 | Rejected reason: Not used in 2022... | R | |
CVE-2022-37952 | WorkstationST - Reflected XSS in iHistorian Data Display Tags | S | |
CVE-2022-37953 | WorkstationST - Response Splitting in AM Gateway Challenge-Response | S | |
CVE-2022-37954 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | | |
CVE-2022-37955 | Windows Group Policy Elevation of Privilege Vulnerability | | |
CVE-2022-37956 | Windows Kernel Elevation of Privilege Vulnerability | | |
CVE-2022-37957 | Windows Kernel Elevation of Privilege Vulnerability | | |
CVE-2022-37958 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | | |
CVE-2022-37959 | Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability | | |
CVE-2022-37961 | Microsoft SharePoint Server Remote Code Execution Vulnerability | | |
CVE-2022-37962 | Microsoft PowerPoint Remote Code Execution Vulnerability | | |
CVE-2022-37963 | Microsoft Office Visio Remote Code Execution Vulnerability | | |
CVE-2022-37964 | Windows Kernel Elevation of Privilege Vulnerability | | |
CVE-2022-37965 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | S | |
CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | S | |
CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | S | |
CVE-2022-37968 | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability | S | |
CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-37970 | Windows DWM Core Library Elevation of Privilege Vulnerability | S | |
CVE-2022-37971 | Microsoft Windows Defender Elevation of Privilege Vulnerability | S | |
CVE-2022-37972 | Microsoft Endpoint Configuration Manager Spoofing Vulnerability | S | |
CVE-2022-37973 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | S | |
CVE-2022-37974 | Windows Mixed Reality Developer Tools Information Disclosure Vulnerability | S | |
CVE-2022-37975 | Windows Group Policy Elevation of Privilege Vulnerability | S | |
CVE-2022-37976 | Active Directory Certificate Services Elevation of Privilege Vulnerability | S | |
CVE-2022-37977 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | S | |
CVE-2022-37978 | Windows Active Directory Certificate Services Security Feature Bypass | S | |
CVE-2022-37979 | Windows Hyper-V Elevation of Privilege Vulnerability | S | |
CVE-2022-37980 | Windows DHCP Client Elevation of Privilege Vulnerability | S | |
CVE-2022-37981 | Windows Event Logging Service Denial of Service Vulnerability | S | |
CVE-2022-37982 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2022-37983 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | S | |
CVE-2022-37984 | Windows WLAN Service Elevation of Privilege Vulnerability | S | |
CVE-2022-37985 | Windows Graphics Component Information Disclosure Vulnerability | S | |
CVE-2022-37986 | Windows Win32k Elevation of Privilege Vulnerability | S | |
CVE-2022-37987 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | S | |
CVE-2022-37988 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-37989 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | S | |
CVE-2022-37990 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-37991 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-37992 | Windows Group Policy Elevation of Privilege Vulnerability | | |
CVE-2022-37993 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | S | |
CVE-2022-37994 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | S | |
CVE-2022-37995 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-37996 | Windows Kernel Memory Information Disclosure Vulnerability | S | |
CVE-2022-37997 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2022-37998 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | S | |
CVE-2022-37999 | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | S |