ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-38000 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2022-38001 | Microsoft Office Spoofing Vulnerability | S | |
CVE-2022-38003 | Windows Resilient File System Elevation of Privilege | S | |
CVE-2022-38004 | Windows Fax Service Remote Code Execution Vulnerability | | |
CVE-2022-38005 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
CVE-2022-38006 | Windows Graphics Component Information Disclosure Vulnerability | | |
CVE-2022-38007 | Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | S | |
CVE-2022-38008 | Microsoft SharePoint Server Remote Code Execution Vulnerability | | |
CVE-2022-38009 | Microsoft SharePoint Server Remote Code Execution Vulnerability | | |
CVE-2022-38010 | Microsoft Office Visio Remote Code Execution Vulnerability | | |
CVE-2022-38011 | Raw Image Extension Remote Code Execution Vulnerability | S | |
CVE-2022-38012 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | | |
CVE-2022-38013 | .NET Core and Visual Studio Denial of Service Vulnerability | S | |
CVE-2022-38014 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | | |
CVE-2022-38015 | Windows Hyper-V Denial of Service Vulnerability | | |
CVE-2022-38016 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | S | |
CVE-2022-38017 | StorSimple 8000 Series Elevation of Privilege Vulnerability | S | |
CVE-2022-38019 | AV1 Video Extension Remote Code Execution Vulnerability | S | |
CVE-2022-38020 | Visual Studio Code Elevation of Privilege Vulnerability | | |
CVE-2022-38021 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | S | |
CVE-2022-38022 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | S | |
CVE-2022-38025 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | S | |
CVE-2022-38026 | Windows DHCP Client Information Disclosure Vulnerability | S | |
CVE-2022-38027 | Windows Storage Elevation of Privilege Vulnerability | S | |
CVE-2022-38028 | Windows Print Spooler Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-38029 | Windows ALPC Elevation of Privilege Vulnerability | S | |
CVE-2022-38030 | Windows USB Serial Driver Information Disclosure Vulnerability | S | |
CVE-2022-38031 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | S | |
CVE-2022-38032 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | S | |
CVE-2022-38033 | Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability | S | |
CVE-2022-38034 | Windows Workstation Service Elevation of Privilege Vulnerability | S | |
CVE-2022-38036 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | S | |
CVE-2022-38037 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-38038 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-38039 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-38040 | Microsoft ODBC Driver Remote Code Execution Vulnerability | S | |
CVE-2022-38041 | Windows Secure Channel Denial of Service Vulnerability | S | |
CVE-2022-38042 | Active Directory Domain Services Elevation of Privilege Vulnerability | S | |
CVE-2022-38043 | Windows Security Support Provider Interface Information Disclosure Vulnerability | S | |
CVE-2022-38044 | Windows CD-ROM File System Driver Remote Code Execution Vulnerability | S | |
CVE-2022-38045 | Windows Server Service Elevation of Privilege Vulnerability | S | |
CVE-2022-38046 | Web Account Manager Information Disclosure Vulnerability | S | |
CVE-2022-38047 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2022-38048 | Microsoft Office Remote Code Execution Vulnerability | S | |
CVE-2022-38049 | Microsoft Office Graphics Remote Code Execution Vulnerability | S | |
CVE-2022-38050 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2022-38051 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2022-38053 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2022-38054 | Session Fixation | | |
CVE-2022-38055 | WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability | S | |
CVE-2022-38056 | Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged u... | | |
CVE-2022-38057 | WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability | | |
CVE-2022-38058 | WordPress WP Shamsi plugin <= 4.1.1 - Authenticated Plugin Setting change vulnerability | | |
CVE-2022-38059 | WordPress Access Code Feeder plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-38060 | A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master ... | | |
CVE-2022-38061 | WordPress Export Post Info plugin <= 1.2.0 - Authenticated CSV Injection vulnerability | S | |
CVE-2022-38062 | WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-38063 | WordPress Social Login WP Plugin <= 5.0.0.0 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-38064 | windowmanager in window subsystem has a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. | | |
CVE-2022-38065 | A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git maste... | E | |
CVE-2022-38066 | An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD ... | E | |
CVE-2022-38067 | WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability | | |
CVE-2022-38068 | WordPress Export Post Info plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-38069 | Contec Health CMS8000 | M | |
CVE-2022-38070 | WordPress Pop-up plugin <= 1.1.5 - Privilege Escalation vulnerability | S | |
CVE-2022-38071 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-38072 | An improper array index validation vulnerability exists in the stl_fix_normal_directions functionali... | E S | |
CVE-2022-38073 | WordPress Awesome Support plugin <= 6.0.7 - Multiple Authenticated Persistent XSS (Additional Interested Parties) | S | |
CVE-2022-38074 | WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection | S | |
CVE-2022-38075 | WordPress Mantenimiento web plugin <= 0.13 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) | S | |
CVE-2022-38076 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may all... | S | |
CVE-2022-38077 | WordPress Popup Anything Plugin <= 2.2.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-38078 | Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sendi... | | |
CVE-2022-38079 | WordPress Backup Scheduler plugin <= 1.5.13 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-38080 | Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier a... | S | |
CVE-2022-38081 | Tokensync in security subsystem has a permission bypass vulnerability. LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. | | |
CVE-2022-38083 | Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged use... | | |
CVE-2022-38084 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-38085 | WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-38086 | WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-38087 | Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privi... | | |
CVE-2022-38088 | A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ... | E | |
CVE-2022-38089 | Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and ... | S | |
CVE-2022-38090 | Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guar... | | |
CVE-2022-38092 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-38093 | WordPress All in One SEO plugin <= 4.2.3.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2022-38094 | OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions p... | M | |
CVE-2022-38095 | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-38096 | There is a NULL pointer vulnerability in vmwgfx driver | | |
CVE-2022-38097 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, versi... | | |
CVE-2022-38099 | Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version ... | | |
CVE-2022-38100 | Contec Health CMS8000 | M | |
CVE-2022-38101 | Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlas... | | |
CVE-2022-38102 | Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine bef... | | |
CVE-2022-38103 | Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version ... | | |
CVE-2022-38104 | WordPress Accordions plugin <= 2.0.3 - Auth. WordPress Options Change vulnerability | S | |
CVE-2022-38105 | An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0... | E | |
CVE-2022-38106 | Cross-Site Scripting Vulnerability in Serv-U Web Client | S | |
CVE-2022-38107 | Sensitive Data Disclosure Vulnerability | S | |
CVE-2022-38108 | SolarWinds Platform Deserialization of Untrusted Data | S | |
CVE-2022-38110 | Reflected Cross-Site Scripting Vulnerability | S | |
CVE-2022-38111 | SolarWinds Platform Deserialization of Untrusted Data Vulnerability | S | |
CVE-2022-38112 | Sensitive Information Disclosure Vulnerability | S | |
CVE-2022-38113 | Information Disclosure Vulnerability | S | |
CVE-2022-38114 | Client-Side Desync Vulnerability | S | |
CVE-2022-38115 | Insecure Methods Vulnerability | S | |
CVE-2022-38116 | Le-yan Co., Ltd. Personnel and Salary Management System - Hard-coded password | S | |
CVE-2022-38117 | Juiker app - Hard-coded Credentials | S | |
CVE-2022-38118 | HGiga OAKlouds - SQL Injection | S | |
CVE-2022-38119 | POWERCOM CO., LTD. UPSMON PRO - Broken Authentication | S | |
CVE-2022-38120 | POWERCOM CO., LTD. UPSMON PRO - Path Traversal | S | |
CVE-2022-38121 | POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials | S | |
CVE-2022-38122 | POWERCOM CO., LTD. UPSMON PRO - Cleartext Transmission of Sensitive Information | S | |
CVE-2022-38123 | Insufficient validation of plugin files | | |
CVE-2022-38124 | Unwanted debug tool | | |
CVE-2022-38125 | FTP Agent forwards traffic on inactive ports to LinkManager | | |
CVE-2022-38126 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-38127 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-38128 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-38129 | A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicen... | E | |
CVE-2022-38130 | The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore t... | | |
CVE-2022-38131 | RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could al... | E | |
CVE-2022-38132 | Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. | S | |
CVE-2022-38133 | In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in som... | | |
CVE-2022-38134 | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control vulnerability | S | |
CVE-2022-38135 | WordPress Photospace Gallery plugin <= 2.3.5 - Broken Access Control vulnerability | | |
CVE-2022-38136 | Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Com... | | |
CVE-2022-38137 | WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-38138 | The Triangle Microworks IEC 61850 Library (Any client or server using the C language library with a ... | | |
CVE-2022-38139 | WordPress RD Station plugin <= 5.2.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2022-38140 | WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.10 is vulnerable to Arbitrary File Upload | S | |
CVE-2022-38141 | WordPress Sales Report Email for WooCommerce Plugin <= 2.8 is vulnerable to Broken Access Control | S | |
CVE-2022-38142 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied d... | S | |
CVE-2022-38143 | A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encod... | E | |
CVE-2022-38144 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-38145 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers addi... | S | |
CVE-2022-38146 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).... | | |
CVE-2022-38147 | Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).... | S | |
CVE-2022-38148 | Silverstripe silverstripe/framework through 4.11 allows SQL Injection.... | | |
CVE-2022-38149 | HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets ... | | |
CVE-2022-38150 | In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to asser... | M | |
CVE-2022-38152 | An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server ... | E S | |
CVE-2022-38153 | An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, onl... | E S | |
CVE-2022-38155 | TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory ... | E | |
CVE-2022-38156 | A remote command injection issues exists in the web server of the Kratos SpectralNet device with Spe... | | |
CVE-2022-38161 | The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platfo... | | |
CVE-2022-38162 | Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10 exist within... | | |
CVE-2022-38163 | A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS vers... | | |
CVE-2022-38164 | A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously cr... | | |
CVE-2022-38165 | Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to w... | | |
CVE-2022-38166 | In F-Secure Endpoint Protection for Windows and macOS before channel with Capricorn database 2022-11... | | |
CVE-2022-38167 | The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.... | | |
CVE-2022-38168 | Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.... | E | |
CVE-2022-38170 | Overly permissive umask for daemons | M | |
CVE-2022-38171 | Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextR... | S | |
CVE-2022-38172 | ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboar... | | |
CVE-2022-38176 | An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part... | | |
CVE-2022-38177 | Memory leak in ECDSA DNSSEC verification code | S | |
CVE-2022-38178 | Memory leaks in EdDSA DNSSEC verification code | S | |
CVE-2022-38179 | JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack... | | |
CVE-2022-38180 | In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases... | | |
CVE-2022-38181 | The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory o... | KEV E | |
CVE-2022-38183 | In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to imprope... | | |
CVE-2022-38184 | There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 | M | |
CVE-2022-38186 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may... | | |
CVE-2022-38187 | Prevent access to sharing/rest/content/features/analyze to unauthorized users | | |
CVE-2022-38188 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a r... | | |
CVE-2022-38189 | There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. | | |
CVE-2022-38190 | Stored cross-site scripting vulnerability in Esri Portal for ArcGIS Configurable Apps | S | |
CVE-2022-38191 | HTML injection vulnerability in Portal for ArcGIS | | |
CVE-2022-38192 | There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. | | |
CVE-2022-38193 | Code injection issue in Portal for ArcGIS (10.7.1 and 10.8.1) | | |
CVE-2022-38194 | Portal for ArcGIS system properties are not properly encrypted (10.8.1 only) | | |
CVE-2022-38195 | BUG-000150540 - Reflected XSS vulnerability in ArcGIS Server | S | |
CVE-2022-38196 | BUG-000150537 - ArcGIS Server has a local file inclusion (LFI) vulnerability | S | |
CVE-2022-38197 | BUG-000148347 Unvalidated redirect issues in ArcGIS Server. | | |
CVE-2022-38198 | BUG-000146513 - Reflected XSS vulnerability in ArcGIS Server | S | |
CVE-2022-38199 | BUG-000144172 - Remote file download issue in ArcGIS Server | M | |
CVE-2022-38200 | BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server. | S | |
CVE-2022-38201 | An unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. | | |
CVE-2022-38202 | BUG-000152121 - Directory traversal vulnerability in ArcGIS Server. | | |
CVE-2022-38203 | The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) | | |
CVE-2022-38204 | Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) | | |
CVE-2022-38205 | Portal for ArcGIS has a directory traversal vulnerability (10.9.1, 10.8.1 and 10.7.1 only) | | |
CVE-2022-38206 | Reflected XSS vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) | | |
CVE-2022-38207 | Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) | | |
CVE-2022-38208 | Unvalidated redirect in Portal for ArcGIS | | |
CVE-2022-38209 | Reflected XSS vulnerability in Portal for ArcGIS | | |
CVE-2022-38210 | HTML injection in accountswitcher-callback.html (10.9.1, 10.8.1 and 10.7.1 only) | | |
CVE-2022-38211 | Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) | | |
CVE-2022-38212 | Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) | | |
CVE-2022-38216 | An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, whic... | | |
CVE-2022-38220 | An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that m... | | |
CVE-2022-38221 | A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and... | E | |
CVE-2022-38222 | There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It c... | E | |
CVE-2022-38223 | There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by s... | E | |
CVE-2022-38227 | XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptor... | E | |
CVE-2022-38228 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUni... | E | |
CVE-2022-38229 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTH... | E | |
CVE-2022-38230 | XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decode... | E | |
CVE-2022-38231 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xp... | E | |
CVE-2022-38233 | XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() a... | E | |
CVE-2022-38234 | XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at... | E | |
CVE-2022-38235 | XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /... | E | |
CVE-2022-38236 | XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at... | E | |
CVE-2022-38237 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /x... | E | |
CVE-2022-38238 | XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /x... | E | |
CVE-2022-38247 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System... | | |
CVE-2022-38248 | Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilitie... | | |
CVE-2022-38249 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR co... | | |
CVE-2022-38250 | Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter ... | | |
CVE-2022-38251 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System... | | |
CVE-2022-38254 | Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the... | | |
CVE-2022-38255 | Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id ... | E | |
CVE-2022-38256 | TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allow... | | |
CVE-2022-38258 | A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denia... | E | |
CVE-2022-38260 | Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the com... | E | |
CVE-2022-38265 | Apartment Visitor Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-38266 | An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception... | E S | |
CVE-2022-38267 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnera... | E | |
CVE-2022-38268 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnera... | E | |
CVE-2022-38269 | School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnera... | E | |
CVE-2022-38272 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list.... | E | |
CVE-2022-38273 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/list_approve.... | E | |
CVE-2022-38274 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list.... | E | |
CVE-2022-38275 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/list.... | E | |
CVE-2022-38276 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list.... | E | |
CVE-2022-38277 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.... | E | |
CVE-2022-38278 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylink/list.... | E | |
CVE-2022-38279 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.... | E | |
CVE-2022-38280 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.... | E | |
CVE-2022-38281 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.... | E | |
CVE-2022-38282 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list.... | E | |
CVE-2022-38283 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.... | E | |
CVE-2022-38284 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department/list.... | E | |
CVE-2022-38285 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.... | E | |
CVE-2022-38286 | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.... | E | |
CVE-2022-38287 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-38289 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-38291 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS... | E | |
CVE-2022-38292 | SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Reques... | E | |
CVE-2022-38295 | Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view... | E | |
CVE-2022-38296 | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager... | E | |
CVE-2022-38297 | UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.... | E | |
CVE-2022-38298 | Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request F... | S | |
CVE-2022-38299 | An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed host... | S | |
CVE-2022-38301 | Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted f... | E S | |
CVE-2022-38302 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-38303 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-38304 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-38305 | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /a... | E | |
CVE-2022-38306 | LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPs... | E S | |
CVE-2022-38307 | LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO:... | E S | |
CVE-2022-38308 | TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability vi... | E S | |
CVE-2022-38309 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the l... | E | |
CVE-2022-38310 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the l... | E | |
CVE-2022-38311 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the t... | E | |
CVE-2022-38312 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the l... | E | |
CVE-2022-38313 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the t... | E | |
CVE-2022-38314 | Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the u... | E | |
CVE-2022-38322 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2022-38323 | Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via th... | E | |
CVE-2022-38325 | Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to... | E | |
CVE-2022-38326 | Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to... | E | |
CVE-2022-38329 | A CSRF vulnerability in Shopxian CMS 3.0.0 could allow an unauthenticated, remote attacker to craft ... | E | |
CVE-2022-38333 | Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the fu... | | |
CVE-2022-38334 | XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPag... | E | |
CVE-2022-38335 | Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via th... | E | |
CVE-2022-38336 | An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server... | E M | |
CVE-2022-38337 | When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. Th... | S | |
CVE-2022-38339 | Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vuln... | | |
CVE-2022-38340 | Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal... | S | |
CVE-2022-38341 | Safe Software FME Server v2021.2.5 and below does not employ server-side validation.... | S | |
CVE-2022-38342 | Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External E... | | |
CVE-2022-38349 | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to... | E S | |
CVE-2022-38351 | A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows attackers to escalate privileges ... | E | |
CVE-2022-38352 | ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\... | E | |
CVE-2022-38355 | Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attack... | S | |
CVE-2022-38356 | WordPress Pearl Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-38357 | Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to... | E | |
CVE-2022-38358 | Improper neutralization of input during web page generation leaves the Eyes of Network web applicati... | E | |
CVE-2022-38359 | Cross-site request forgery attacks can be carried out against the Eyes of Network web application, d... | E | |
CVE-2022-38362 | Docker Provider <3.0 RCE vulnerability in example dag | M | |
CVE-2022-38367 | The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. ... | | |
CVE-2022-38368 | An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gatew... | | |
CVE-2022-38369 | Login check vulnerability by session Id | | |
CVE-2022-38370 | No authorization of DatabaseConnectController in grafana-connector. | | |
CVE-2022-38371 | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P... | S | |
CVE-2022-38372 | A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 throug... | | |
CVE-2022-38373 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDecept... | | |
CVE-2022-38374 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | | |
CVE-2022-38375 | An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 ... | S | |
CVE-2022-38376 | Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulner... | S | |
CVE-2022-38377 | An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0... | S | |
CVE-2022-38378 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiOS version 7.2.0 and befor... | S | |
CVE-2022-38379 | Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.... | S | |
CVE-2022-38380 | An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 throu... | | |
CVE-2022-38381 | An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all version... | | |
CVE-2022-38382 | IBM Cloud Pak for Security session fixation | | |
CVE-2022-38383 | IBM Cloud Pak for Security information disclosure | | |
CVE-2022-38385 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to ob... | S | |
CVE-2022-38386 | IBM Cloud Pak for Security information disclosure | | |
CVE-2022-38387 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attac... | S | |
CVE-2022-38388 | IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive in... | S | |
CVE-2022-38389 | IBM Tivoli Workload Scheduler XML external entity injection | | |
CVE-2022-38390 | Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vuln... | S | |
CVE-2022-38391 | IBM Spectrum Control information disclosure | S | |
CVE-2022-38392 | Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physi... | | |
CVE-2022-38393 | A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus ... | E | |
CVE-2022-38394 | Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior t... | M | |
CVE-2022-38395 | HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fus... | | |
CVE-2022-38396 | HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and ear... | | |
CVE-2022-38398 | Server-Side Request Forgery Information Disclosure Vulnerability | | |
CVE-2022-38399 | Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and Sma... | | |
CVE-2022-38400 | Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input ... | E S | |
CVE-2022-38401 | Adobe InCopy PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38402 | Adobe InCopy SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-38403 | Adobe InCopy SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-38404 | Adobe InCopy SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38405 | Adobe InCopy SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38406 | Adobe InCopy EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-38407 | Adobe InCopy EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-38408 | Adobe Illustrator Improper Input Validation Arbitrary code execution | | |
CVE-2022-38409 | Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-38410 | Adobe Illustrator EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-38411 | Adobe Animate SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38412 | Adobe Animate SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-38413 | Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38414 | Adobe InDesign SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38415 | Adobe InDesign PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38416 | Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-38417 | Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-38418 | Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2022-38419 | Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read | S | |
CVE-2022-38420 | Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service | S | |
CVE-2022-38421 | Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability | S | |
CVE-2022-38422 | Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability | | |
CVE-2022-38423 | Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability | | |
CVE-2022-38424 | Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write | | |
CVE-2022-38425 | Adobe Bridge DCM File Parsing Use-After-Free Information Disclosure Vulnerability | S | |
CVE-2022-38426 | Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability | | |
CVE-2022-38427 | Adobe Photoshop U3D File Parsing Uninitialized Variable Remote Code Execution Vulnerability | | |
CVE-2022-38428 | Adobe Photoshop DCM File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2022-38429 | Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-38430 | Adobe Photoshop MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-38431 | Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-38432 | Adobe Photoshop SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38433 | Adobe Photoshop SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38434 | Adobe Photoshop SVG File Parsing Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2022-38435 | Adobe Illustrator PCX File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2022-38436 | Adobe Illustrator CDR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2022-38437 | Adobe Acrobat Reader Use After Free Memory leak | | |
CVE-2022-38438 | AEM Reflected XSS Arbitrary code execution | S | |
CVE-2022-38439 | AEM Reflected XSS Arbitrary code execution | S | |
CVE-2022-38440 | Adobe Dimension SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | S | |
CVE-2022-38441 | Adobe Dimension GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | S | |
CVE-2022-38442 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2022-38443 | Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2022-38444 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2022-38445 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2022-38446 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2022-38447 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2022-38448 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability | S | |
CVE-2022-38449 | Adobe Acrobat Reader DC JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2022-38450 | Adobe Acrobat Reader DC XFA Parsing Stack Overflow Remote Code Execution Vulnerability | | |
CVE-2022-38451 | A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022... | E | |
CVE-2022-38452 | A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi ... | E | |
CVE-2022-38453 | Contec Health CMS8000 | M | |
CVE-2022-38454 | WordPress Kraken.io Image Optimizer plugin <= 2.6.5 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-38456 | WordPress Ajax Search Lite Plugin <= 4.10.3 is vulnerable to Sensitive Data Exposure | S | |
CVE-2022-38457 | There is a UAF vulnerability in vmwgfx driver | | |
CVE-2022-38458 | A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi... | E | |
CVE-2022-38459 | A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Sirett... | E | |
CVE-2022-38460 | WordPress NOTICE BOARD plugin <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-38461 | WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability | S | |
CVE-2022-38462 | Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return... | | |
CVE-2022-38463 | ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.... | | |
CVE-2022-38465 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA... | | |
CVE-2022-38466 | A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.... | | |
CVE-2022-38467 | WordPress CRM Perks Forms Plugin <= 1.1.0 is vulnerable to Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2022-38468 | WordPress NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-38469 | An unauthorized user with network access and the decryption key could decrypt sensitive data, su... | S | |
CVE-2022-38470 | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-38472 | An attacker could have abused XSLT error handling to associate attacker-controlled content with anot... | | |
CVE-2022-38473 | A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (su... | | |
CVE-2022-38474 | A website that had permission to access the microphone could record audio without the audio notifica... | | |
CVE-2022-38475 | An attacker could have written a value to the first element in a zero-length JavaScript array. Altho... | | |
CVE-2022-38476 | A data race could occur in the PK11_ChangePW function, potentially leading to a use-aft... | | |
CVE-2022-38477 | Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in F... | | |
CVE-2022-38478 | Members of the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102... | | |
CVE-2022-38481 | An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflecte... | | |
CVE-2022-38482 | A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.... | | |
CVE-2022-38484 | An arbitrary file upload and directory traversal vulnerability exist in the file upload functionalit... | | |
CVE-2022-38485 | A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to ... | E | |
CVE-2022-38488 | logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username par... | E | |
CVE-2022-38489 | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. It is prone to stored Cross-si... | | |
CVE-2022-38490 | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL inj... | | |
CVE-2022-38491 | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does ... | | |
CVE-2022-38492 | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL inje... | | |
CVE-2022-38493 | Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP ... | S | |
CVE-2022-38495 | LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary a... | E S | |
CVE-2022-38496 | LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinarySt... | E S | |
CVE-2022-38497 | LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tc... | E S | |
CVE-2022-38509 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id para... | E | |
CVE-2022-38510 | Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNet... | E | |
CVE-2022-38511 | TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via ... | E | |
CVE-2022-38512 | The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 t... | | |
CVE-2022-38527 | UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import func... | E | |
CVE-2022-38528 | Open Asset Import Library (assimp) commit 3c253ca was discovered to contain a segmentation violation... | E | |
CVE-2022-38529 | tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompr... | E | |
CVE-2022-38530 | GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing IS... | E S | |
CVE-2022-38531 | FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the p... | E | |
CVE-2022-38532 | Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in t... | E | |
CVE-2022-38533 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when c... | S | |
CVE-2022-38534 | TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via... | E | |
CVE-2022-38535 | TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via... | E | |
CVE-2022-38537 | Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the st... | | |
CVE-2022-38538 | Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum pa... | | |
CVE-2022-38539 | Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where param... | | |
CVE-2022-38540 | Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs p... | | |
CVE-2022-38541 | Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the st... | E | |
CVE-2022-38542 | Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs p... | | |
CVE-2022-38545 | Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows at... | E | |
CVE-2022-38546 | A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which ... | | |
CVE-2022-38547 | A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series ... | | |
CVE-2022-38550 | A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allo... | E | |
CVE-2022-38553 | Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site sc... | E | |
CVE-2022-38555 | Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.... | E | |
CVE-2022-38556 | Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80tel... | E | |
CVE-2022-38557 | D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80tel... | | |
CVE-2022-38562 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the funct... | E | |
CVE-2022-38563 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the funct... | E | |
CVE-2022-38564 | Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function f... | E | |
CVE-2022-38565 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the funct... | E | |
CVE-2022-38566 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the funct... | E | |
CVE-2022-38567 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function fo... | E | |
CVE-2022-38568 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the funct... | E | |
CVE-2022-38569 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd.... | E | |
CVE-2022-38570 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd.... | E | |
CVE-2022-38571 | Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideLis... | E | |
CVE-2022-38573 | 10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Co... | E | |
CVE-2022-38576 | Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the com... | E | |
CVE-2022-38577 | ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. ... | E | |
CVE-2022-38580 | Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).... | | |
CVE-2022-38582 | Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows at... | E | |
CVE-2022-38583 | On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Netwo... | E | |
CVE-2022-38594 | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id par... | E | |
CVE-2022-38595 | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id par... | E | |
CVE-2022-38599 | Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was discovered to contain an informatio... | E | |
CVE-2022-38600 | Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.... | E | |
CVE-2022-38604 | Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vul... | E M | |
CVE-2022-38605 | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id par... | E | |
CVE-2022-38606 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id par... | E | |
CVE-2022-38610 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id par... | E | |
CVE-2022-38611 | Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking... | E | |
CVE-2022-38613 | A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read ... | E | |
CVE-2022-38614 | An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers... | E | |
CVE-2022-38615 | SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the Us... | E | |
CVE-2022-38616 | SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_... | E | |
CVE-2022-38617 | SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:... | E | |
CVE-2022-38618 | SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_... | | |
CVE-2022-38619 | SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_... | E | |
CVE-2022-38621 | Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit fil... | E | |
CVE-2022-38625 | Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the ... | | |
CVE-2022-38627 | Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-... | E | |
CVE-2022-38628 | Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-... | E | |
CVE-2022-38633 | Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attac... | | |
CVE-2022-38636 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-38637 | Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via... | E | |
CVE-2022-38638 | Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath... | E S | |
CVE-2022-38639 | A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbi... | E | |
CVE-2022-38648 | PDFTranscoder does not block external resources | | |
CVE-2022-38649 | Apache Airflow Pinot provider allowed Command Injection | S | |
CVE-2022-38650 | A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.... | | |
CVE-2022-38651 | A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulne... | | |
CVE-2022-38652 | A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation ... | | |
CVE-2022-38653 | HCL Digital Experience is susceptible to cross-site scripting (XSS) | | |
CVE-2022-38654 | HCL Domino is susceptible to an information disclosure vulnerability | | |
CVE-2022-38655 | HCL BigFix WebUI is affected by a missing-permission-check vulnerability | | |
CVE-2022-38656 | HCL Commerce, when using Elasticsearch, could be affected by a denial of service vulnerability | | |
CVE-2022-38657 | An open redirect to malicious sites affects HCL Leap | | |
CVE-2022-38658 | HCL BigFix Server Automation (SA) is affected by a security vulnerability around Notification Service | | |
CVE-2022-38659 | HCL BigFix Platform is affected by insecure credential storage | | |
CVE-2022-38660 | HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-38661 | HCL Workload Automation is affected by a vulnerability in Jlog component of the Master Domain Manager | M | |
CVE-2022-38662 | HCL Digital Experience is susceptible to open redirects | | |
CVE-2022-38663 | Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credenti... | | |
CVE-2022-38664 | Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name... | | |
CVE-2022-38665 | Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its glo... | | |
CVE-2022-38666 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disable... | | |
CVE-2022-38667 | HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code executio... | E S | |
CVE-2022-38668 | HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitializ... | E | |
CVE-2022-38669 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privi... | | |
CVE-2022-38670 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privi... | | |
CVE-2022-38671 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2022-38672 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This c... | | |
CVE-2022-38673 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This c... | | |
CVE-2022-38674 | In wlan driver, there is a possible missing params check. This could lead to local denial of service... | | |
CVE-2022-38675 | In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could le... | | |
CVE-2022-38676 | In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lea... | | |
CVE-2022-38677 | In cell service, there is a missing permission check. This could lead to local denial of service in ... | | |
CVE-2022-38678 | In contacts service, there is a missing permission check. This could lead to local denial of service... | | |
CVE-2022-38679 | In music service, there is a missing permission check. This could lead to local denial of service in... | | |
CVE-2022-38680 | In wlan driver, there is a possible missing params check. This could lead to local denial of service... | | |
CVE-2022-38681 | In wlan driver, there is a possible missing params check. This could lead to local denial of service... | | |
CVE-2022-38682 | In contacts service, there is a missing permission check. This could lead to local denial of service... | | |
CVE-2022-38683 | In contacts service, there is a missing permission check. This could lead to local denial of service... | | |
CVE-2022-38684 | In contacts service, there is a missing permission check. This could lead to local denial of service... | | |
CVE-2022-38685 | In bluetooth service, there is a possible missing permission check. This could lead to local denial ... | | |
CVE-2022-38686 | In wlan driver, there is a possible missing params check. This could lead to local denial of service... | | |
CVE-2022-38687 | In messaging service, there is a missing permission check. This could lead to local denial of servic... | | |
CVE-2022-38688 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2022-38689 | In telephony service, there is a missing permission check. This could lead to local information disc... | | |
CVE-2022-38690 | In camera driver, there is a possible memory corruption due to improper locking. This could lead to ... | | |
CVE-2022-38697 | In messaging service, there is a missing permission check. This could lead to access unexpected prov... | | |
CVE-2022-38698 | In messaging service, there is a missing permission check. This could lead to elevation of privilege... | | |
CVE-2022-38699 | ASUS Armoury Crate Service - Arbitrary File Creation via Elevation of Privilege Flaw | S | |
CVE-2022-38700 | Multimedia subsystem has a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | | |
CVE-2022-38701 | IPC in communication subsystem has a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information. | | |
CVE-2022-38702 | WordPress WP CSV Exporter Plugin <= 2.0 is vulnerable to CSV Injection | | |
CVE-2022-38703 | WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-38704 | WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-38705 | IBM CICS TX phishing | S | |
CVE-2022-38707 | IBM Cognos Command Center information disclosure | S | |
CVE-2022-38708 | IBM Cognos Analytics server-side request forgery | S | |
CVE-2022-38709 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site ... | S | |
CVE-2022-38710 | IBM Robotic Process Automation information disclosure | S | |
CVE-2022-38712 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middl... | S | |
CVE-2022-38714 | IBM DataStage on Cloud Pak for Data information disclosure | | |
CVE-2022-38715 | A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GO... | E | |
CVE-2022-38716 | WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-38723 | Gravitee API Management before 3.15.13 allows path traversal through HTML injection.... | | |
CVE-2022-38724 | Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverst... | E S | |
CVE-2022-38725 | An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote a... | | |
CVE-2022-38730 | Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscont... | | |
CVE-2022-38731 | Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parame... | | |
CVE-2022-38732 | SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which cou... | | |
CVE-2022-38733 | OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an authentication bypass vulnerab... | | |
CVE-2022-38734 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 are susceptible to a Denial o... | | |
CVE-2022-38735 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-38736 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-38737 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-38738 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-38739 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-38740 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-38741 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-38742 | Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack | | |
CVE-2022-38743 | Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to ... | | |
CVE-2022-38744 | FactoryTalk Alarm and Events Server Vulnerable to Denial-Of-Service Attack | | |
CVE-2022-38745 | Apache OpenOffice: Empty entry in Java class path | | |
CVE-2022-38749 | DoS in SnakeYAML | | |
CVE-2022-38750 | DoS in SnakeYAML | E | |
CVE-2022-38751 | DoS in SnakeYAML | | |
CVE-2022-38752 | DoS in SnakeYAML | | |
CVE-2022-38753 | This update resolves a multi-factor authentication bypass attack... | | |
CVE-2022-38754 | CVE-2022-38754 - Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS) | S | |
CVE-2022-38755 | Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1 | S | |
CVE-2022-38756 | CVE-2022-38756 vulnerability in GW Web prior to 18.4.2 | S | |
CVE-2022-38757 | CVE-2022-38757 ZENworks | S | |
CVE-2022-38758 | XSS vulnerabilities in iManager | M | |
CVE-2022-38764 | A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker ... | | |
CVE-2022-38765 | Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An aut... | | |
CVE-2022-38766 | The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rol... | E | |
CVE-2022-38767 | An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet s... | | |
CVE-2022-38768 | The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attacker... | | |
CVE-2022-38769 | The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attacker... | | |
CVE-2022-38770 | The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attacker... | | |
CVE-2022-38771 | The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attacker... | | |
CVE-2022-38772 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow A... | | |
CVE-2022-38773 | Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of t... | | |
CVE-2022-38774 | An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame f... | | |
CVE-2022-38775 | An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which coul... | | |
CVE-2022-38777 | An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which coul... | | |
CVE-2022-38778 | A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow... | | |
CVE-2022-38779 | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arb... | | |
CVE-2022-38784 | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Strea... | E S | |
CVE-2022-38785 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2905. Reason: This candidate... | R | |
CVE-2022-38786 | Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may... | S | |
CVE-2022-38787 | Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix ma... | | |
CVE-2022-38788 | An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ... | E | |
CVE-2022-38789 | An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the ... | | |
CVE-2022-38790 | Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious ... | E S | |
CVE-2022-38791 | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_m... | | |
CVE-2022-38792 | The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted b... | S | |
CVE-2022-38794 | Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.... | E | |
CVE-2022-38795 | In Gitea through 1.17.1, repo cloning can occur in the migration function.... | S | |
CVE-2022-38796 | A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular... | E | |
CVE-2022-38801 | In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and co... | | |
CVE-2022-38802 | Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, priv... | E | |
CVE-2022-38803 | Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overt... | E | |
CVE-2022-38808 | ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.... | E | |
CVE-2022-38812 | AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.... | E | |
CVE-2022-38813 | PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.ph... | E | |
CVE-2022-38814 | A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506... | E | |
CVE-2022-38817 | Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attacker... | E | |
CVE-2022-38823 | In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample... | E | |
CVE-2022-38826 | In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.... | E | |
CVE-2022-38827 | TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi... | E | |
CVE-2022-38828 | TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi... | E | |
CVE-2022-38829 | Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg.... | E | |
CVE-2022-38830 | Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.... | E | |
CVE-2022-38831 | Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList... | E | |
CVE-2022-38832 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admi... | E | |
CVE-2022-38833 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admi... | E | |
CVE-2022-38840 | cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) iss... | E | |
CVE-2022-38841 | Linksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacha... | E | |
CVE-2022-38843 | EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicio... | E | |
CVE-2022-38844 | CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system co... | E | |
CVE-2022-38845 | Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScr... | E | |
CVE-2022-38846 | EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text c... | E | |
CVE-2022-38850 | The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function conf... | E | |
CVE-2022-38851 | Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_rec... | E | |
CVE-2022-38853 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_s... | E | |
CVE-2022-38855 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () ... | E | |
CVE-2022-38856 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index(... | E | |
CVE-2022-38858 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index(... | E | |
CVE-2022-38860 | Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() ... | E | |
CVE-2022-38861 | The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_m... | E | |
CVE-2022-38862 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/... | E | |
CVE-2022-38863 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of ... | E | |
CVE-2022-38864 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape0... | E | |
CVE-2022-38865 | Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_rea... | E | |
CVE-2022-38866 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libm... | | |
CVE-2022-38867 | SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, 4.0.2, and 4.4.x in api.go, allows attac... | E | |
CVE-2022-38868 | SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allo... | E | |
CVE-2022-38870 | Free5gc v3.2.1 is vulnerable to Information disclosure.... | E | |
CVE-2022-38871 | In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.... | E | |
CVE-2022-38873 | D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050... | E | |
CVE-2022-38877 | Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/edi... | E | |
CVE-2022-38878 | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admi... | E | |
CVE-2022-38880 | The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor insert... | E | |
CVE-2022-38881 | The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor in... | E | |
CVE-2022-38882 | The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor insert... | E | |
CVE-2022-38883 | The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor insert... | E | |
CVE-2022-38884 | The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor in... | E | |
CVE-2022-38885 | The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor ... | E | |
CVE-2022-38886 | The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserte... | E | |
CVE-2022-38887 | The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inse... | E | |
CVE-2022-38890 | Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf... | E S | |
CVE-2022-38900 | decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.... | E | |
CVE-2022-38901 | A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functional... | E | |
CVE-2022-38902 | A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Lifer... | E S | |
CVE-2022-38916 | A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacke... | E | |
CVE-2022-38922 | BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL ... | E | |
CVE-2022-38923 | BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in... | E | |
CVE-2022-38928 | XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.... | E | |
CVE-2022-38931 | A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows ... | E | |
CVE-2022-38932 | readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file.... | E S | |
CVE-2022-38934 | readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF ... | E S | |
CVE-2022-38935 | An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi... | E | |
CVE-2022-38936 | An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage... | E | |
CVE-2022-38946 | Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, a... | E | |
CVE-2022-38947 | SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title paramete... | E | |
CVE-2022-38955 | An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Rang... | | |
CVE-2022-38956 | An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range E... | | |
CVE-2022-38970 | ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to ... | E | |
CVE-2022-38971 | WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-38972 | Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movabl... | | |
CVE-2022-38973 | Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold ... | | |
CVE-2022-38974 | WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability | S | |
CVE-2022-38975 | DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a r... | S | |
CVE-2022-38977 | The HwAirlink module has a heap overflow vulnerability. Successful exploitation of this vulnerability... | | |
CVE-2022-38978 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38979 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38980 | The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary... | | |
CVE-2022-38981 | The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation of this vulnera... | | |
CVE-2022-38982 | The fingerprint module has service logic errors. Successful exploitation of this vulnerability will c... | | |
CVE-2022-38983 | The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vu... | | |
CVE-2022-38984 | The HIPP module has a vulnerability of not verifying the data transferred in the kernel space. Succes... | | |
CVE-2022-38985 | The facial recognition module has a vulnerability in input validation. Successful exploitation of thi... | | |
CVE-2022-38986 | The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel spa... | | |
CVE-2022-38987 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38988 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38989 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38990 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38991 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38992 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38993 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38994 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38995 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38996 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38997 | The secure OS module has configuration defects. Successful exploitation of this vulnerability may af... | | |
CVE-2022-38998 | The HISP module has a vulnerability of not verifying the data transferred in the kernel space. Succes... | | |
CVE-2022-38999 | The AOD module has the improper update of reference count vulnerability. Successful exploitation of ... | | |