ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-4000 | WooCommerce Shipping - DPD baltic < 1.2.11 - Admin+ Stored XSS | E | |
CVE-2022-4001 | An authentication bypass vulnerability could allow an attacker to access API functions without authe... | S | |
CVE-2022-4002 | A command injection vulnerability could allow an authenticated user to execute operating system comm... | S | |
CVE-2022-4003 | A denial-of-service vulnerability could allow an authenticated user to trigger an internal service r... | S | |
CVE-2022-4004 | Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam | E | |
CVE-2022-4005 | Donation Button <= 4.0.0 - Contributor+ Stored XSS | E | |
CVE-2022-4006 | WBCE CMS Header class.login.php increase_attempts excessive authentication | E S | |
CVE-2022-4007 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, versio... | | |
CVE-2022-4008 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which resul... | | |
CVE-2022-4009 | In affected versions of Octopus Deploy it is possible for a user to introduce code via offline packa... | | |
CVE-2022-4010 | Image Hover Effects < 5.5 - Admin+ Stored XSS | E | |
CVE-2022-4011 | Simple History Plugin Header neutralization for logs | E | |
CVE-2022-4012 | Hospital Management Center patient-info.php sql injection | E | |
CVE-2022-4013 | Hospital Management Center appointment.php cross-site request forgery | E | |
CVE-2022-4014 | FeehiCMS Post My Comment Tab cross-site request forgery | | |
CVE-2022-4015 | Sports Club Management System make_payments.php sql injection | E | |
CVE-2022-4016 | Booster for WooCommerce - Custom Role Creation/Deletion via CSRF | E | |
CVE-2022-4017 | Booster for WooCommerce - Multiple CSRF | E | |
CVE-2022-4018 | Missing Authentication for Critical Function in ikus060/rdiffweb | E S | |
CVE-2022-4019 | Authenticated user could send multiple requests containing a large payload to a Playbooks API and can crash a Mattermost server | S | |
CVE-2022-4020 | Acer Aspire BIOS vulnerability | | |
CVE-2022-4021 | The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi... | S | |
CVE-2022-4022 | The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG fil... | S | |
CVE-2022-4023 | 3DPrint < 3.5.6.9 - CSRF to arbitrary file download | E | |
CVE-2022-4024 | Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion | E | |
CVE-2022-4025 | Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attack... | E | |
CVE-2022-4027 | The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem... | S | |
CVE-2022-4028 | The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem... | S | |
CVE-2022-4029 | The Simple:Press plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sforu... | S | |
CVE-2022-4030 | The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and includi... | S | |
CVE-2022-4031 | The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up t... | S | |
CVE-2022-4032 | The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'question[... | S | |
CVE-2022-4033 | The Quiz and Survey Master plugin for WordPress is vulnerable to input validation bypass via the 'qu... | S | |
CVE-2022-4034 | The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, ... | S | |
CVE-2022-4035 | The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ ... | S | |
CVE-2022-4036 | The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to,... | S | |
CVE-2022-4037 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions star... | | |
CVE-2022-4038 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2022-4039 | Rhsso-container-image: unsecured management interface exposed to adjacent network | | |
CVE-2022-4041 | Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter | | |
CVE-2022-4042 | Paytium < 4.3.7 - Admin+ Stored XSS | E | |
CVE-2022-4043 | WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection | E | |
CVE-2022-4044 | Authenticated user could send multiple requests containing a large Auto Responder Message payload and can crash a Mattermost server | E S | |
CVE-2022-4045 | Authenticated user could send multiple requests containing a parameter which could fetch a large amount of data and can crash a Mattermost server | S | |
CVE-2022-4046 | CODESYS: Improper memory restrictions for CODESYS Control | M | |
CVE-2022-4047 | Return Refund and Exchange For WooCommerce < 4.0.9 - Unauthenticated Arbitrary File Upload | E | |
CVE-2022-4048 | CODESYS V3 prone to Inadequate Encryption Strength | | |
CVE-2022-4049 | WP User <= 7.0 - Unauthenticated SQLi | E | |
CVE-2022-4050 | JoomSport < 5.2.8 - Unauthenticated SQLi | E | |
CVE-2022-4051 | Hostel Searching Project view-property.php sql injection | E | |
CVE-2022-4052 | Student Attendance Management System createClass.php sql injection | E | |
CVE-2022-4053 | Student Attendance Management System createClass.php cross site scripting | E | |
CVE-2022-4054 | An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all v... | E | |
CVE-2022-4055 | When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead... | E | |
CVE-2022-4057 | Autoptimize < 3.1.0 - Sensitive Data Disclosure | E | |
CVE-2022-4058 | Photo Gallery < 1.8.3 - Stored XSS via CSRF | E | |
CVE-2022-4059 | Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi | E | |
CVE-2022-4060 | User Post Gallery <= 2.19 - Unauthenticated RCE | E | |
CVE-2022-4061 | JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload | E | |
CVE-2022-4062 | A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certa... | S | |
CVE-2022-4063 | InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE | E | |
CVE-2022-4064 | Dalli Meta Protocol request_formatter.rb self.meta_set injection | E S | |
CVE-2022-4065 | cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar path traversal | E S | |
CVE-2022-4066 | davidmoreno onion Log response.c onion_response_flush allocation of resources | E S | |
CVE-2022-4067 | Cross-site Scripting (XSS) - Stored in librenms/librenms | S | |
CVE-2022-4068 | Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms | E S | |
CVE-2022-4069 | Cross-site Scripting (XSS) - Generic in librenms/librenms | S | |
CVE-2022-4070 | Insufficient Session Expiration in librenms/librenms | S | |
CVE-2022-4071 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4072 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4073 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4074 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4075 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4076 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4077 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4078 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4079 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4080 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4081 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4082 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4083 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4084 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4085 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4086 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4087 | iPXE TLS tls.c tls_new_ciphertext information exposure | S | |
CVE-2022-4088 | rickxy Stock Management System processlogin.php sql injection | E | |
CVE-2022-4089 | rickxy Stock Management System processlogin.php cross site scripting | E | |
CVE-2022-4090 | rickxy Stock Management System cross-site request forgery | E | |
CVE-2022-4091 | SourceCodester Canteen Management System food.php query cross site scripting | E | |
CVE-2022-4092 | An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. I... | E | |
CVE-2022-4093 | SQL Injection in dolibarr/dolibarr | E S | |
CVE-2022-4095 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter i... | S | |
CVE-2022-4096 | Server-Side Request Forgery (SSRF) in appsmithorg/appsmith | E S | |
CVE-2022-4097 | All In One WP Security & Firewall < 5.0.8 - IP Spoofing | E | |
CVE-2022-4098 | Wiesemann & Theis: Multiple products prone to missing authentication through spoofing | | |
CVE-2022-4099 | Joy Of Text Lite < 2.3.1 - Unauthenticated SQLi | E | |
CVE-2022-4100 | WP Cerber Security <= 9.4 - IP Protection Bypass | S | |
CVE-2022-4101 | Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion | E | |
CVE-2022-4102 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion | E | |
CVE-2022-4103 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation | E | |
CVE-2022-4104 | A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lep... | E | |
CVE-2022-4105 | Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi | E S | |
CVE-2022-4106 | Wholesale Market for WooCommerce < 1.0.7 - Unauthenticated Arbitrary File Download | E | |
CVE-2022-4107 | SMSA Shipping for WooCommerce < 1.0.5 - Subscriber+ Arbitrary File Download | E | |
CVE-2022-4108 | Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download | E | |
CVE-2022-4109 | Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download | E | |
CVE-2022-4110 | Eventify <= 2.1 - Admin+ Stored XSS | E | |
CVE-2022-4111 | Improper Validation of Specified Quantity in Input in tooljet/tooljet | E S | |
CVE-2022-4112 | Quizlord <= 2.0 - Admin+ Stored XSS | E | |
CVE-2022-4114 | Superio - Job Board < 1.2.33 - Subscriber+ Stored Cross-Site Scripting | E | |
CVE-2022-4115 | Editorial Calendar < 3.8.3 - Contributor+ Stored XSS | E | |
CVE-2022-4116 | A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vu... | | |
CVE-2022-4117 | IWS - Geo Form Fields <= 1.0 - Unauthenticated SQLi | E | |
CVE-2022-4118 | Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi | E | |
CVE-2022-4119 | Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS | E | |
CVE-2022-4120 | Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection | E | |
CVE-2022-4121 | In libetpan a null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailim... | E S | |
CVE-2022-4122 | A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore... | S | |
CVE-2022-4123 | A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to inco... | | |
CVE-2022-4124 | Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion | E | |
CVE-2022-4125 | Popup Manager <= 1.6.6 - Unauthenticated Stored XSS | E | |
CVE-2022-4126 | Use of Default Password | | |
CVE-2022-4127 | A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_al... | S | |
CVE-2022-4128 | A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when trave... | S | |
CVE-2022-4129 | A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when cleari... | | |
CVE-2022-4130 | A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to ... | | |
CVE-2022-4131 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7... | | |
CVE-2022-4132 | Memory leak on tls connections | S | |
CVE-2022-4133 | Rejected reason: We were unable to verify this vulnerability.... | R | |
CVE-2022-4134 | A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tam... | | |
CVE-2022-4135 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who h... | KEV E | |
CVE-2022-4136 | Exposed Dangerous Method or Function in qmpaas/leadshop | E S | |
CVE-2022-4137 | Keycloak: reflected xss attack | | |
CVE-2022-4138 | A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before... | | |
CVE-2022-4139 | An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially lea... | S | |
CVE-2022-4140 | Welcart e-Commerce < 2.8.5 - Unauthenticated Arbitrary File Access | E | |
CVE-2022-4141 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2022-4142 | WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS | E | |
CVE-2022-4143 | An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from... | E | |
CVE-2022-4144 | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt(... | S | |
CVE-2022-4145 | Content spoofing | | |
CVE-2022-4146 | EL Injection Vulnerability in Hitachi Replication Manager | | |
CVE-2022-4147 | Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET o... | | |
CVE-2022-4148 | WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion | E | |
CVE-2022-4149 | Local privilege escalation using log file | S | |
CVE-2022-4150 | Contest Gallery < 19.1.5 - Author+ SQL Injection | E | |
CVE-2022-4151 | Contest Gallery < 19.1.5 - Admin+ SQL Injection | E | |
CVE-2022-4152 | Contest Gallery < 19.1.5 - Author+ SQL Injection | E | |
CVE-2022-4153 | Contest Gallery < 19.1.5.1 - Author+ SQL Injection | E | |
CVE-2022-4154 | Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection | E | |
CVE-2022-4155 | Contest Gallery < 19.1.5 - Admin+ SQL Injection | E | |
CVE-2022-4156 | Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection | E | |
CVE-2022-4157 | Contest Gallery < 19.1.5 - Admin+ SQL Injection | E | |
CVE-2022-4158 | Contest Gallery < 19.1.5 - Unauthenticated SQL Injection | E | |
CVE-2022-4159 | Contest Gallery < 19.1.5.1 - Author+ SQL Injection | E | |
CVE-2022-4160 | Contest Gallery < 19.1.5 - Author+ SQL Injection | E | |
CVE-2022-4161 | Contest Gallery < 19.1.5 - Author+ SQL Injection | E | |
CVE-2022-4162 | Contest Gallery < 19.1.5 - Author+ SQL Injection | E | |
CVE-2022-4163 | Contest Gallery < 19.1.5 - Author+ SQL Injection | E | |
CVE-2022-4164 | Contest Gallery < 19.1.5 - Author+ SQL Injection | E | |
CVE-2022-4165 | Contest Gallery < 19.1.5 - Author+ SQL Injection | E | |
CVE-2022-4166 | Contest Gallery < 19.1.5 - Author+ SQL Injection | E | |
CVE-2022-4167 | Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 p... | | |
CVE-2022-4168 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-4169 | The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up t... | S | |
CVE-2022-4170 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension,... | | |
CVE-2022-4171 | The demon image annotation plugin for WordPress is vulnerable to improper input validation in versio... | S | |
CVE-2022-4172 | An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Tab... | E S | |
CVE-2022-4173 | Avast and AVG Antivirus for Windows vulnerable to Privilege Escalation | | |
CVE-2022-4174 | Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentiall... | | |
CVE-2022-4175 | Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker t... | | |
CVE-2022-4176 | Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.... | | |
CVE-2022-4177 | Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinc... | | |
CVE-2022-4178 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had com... | | |
CVE-2022-4179 | Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a ... | | |
CVE-2022-4180 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a u... | | |
CVE-2022-4181 | Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potenti... | | |
CVE-2022-4182 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remo... | | |
CVE-2022-4183 | Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a r... | | |
CVE-2022-4184 | Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote... | | |
CVE-2022-4185 | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a ... | | |
CVE-2022-4186 | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allo... | | |
CVE-2022-4187 | Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allow... | | |
CVE-2022-4188 | Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.7... | | |
CVE-2022-4189 | Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attac... | | |
CVE-2022-4190 | Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote a... | | |
CVE-2022-4191 | Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who conv... | | |
CVE-2022-4192 | Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who... | | |
CVE-2022-4193 | Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a... | | |
CVE-2022-4194 | Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to... | | |
CVE-2022-4195 | Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a r... | | |
CVE-2022-4196 | Multi Step Form < 1.7.8 - Admin+ Stored XSS | E | |
CVE-2022-4197 | Sliderby10Web < 1.2.53 - Admin+ Stored XSS | E | |
CVE-2022-4198 | WP Social Sharing <= 2.2 - Admin+ Stored XSS | E | |
CVE-2022-4199 | Link Library < 7.4.1 - Admin+ Stored XSS | E | |
CVE-2022-4200 | Login with Cognito <= 1.4.8 - Admin+ Stored XSS | E | |
CVE-2022-4201 | A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6... | E | |
CVE-2022-4202 | GPAC lsr_dec.c lsr_translate_coords integer overflow | E S | |
CVE-2022-4203 | X.509 Name Constraints Read Buffer Overflow | S | |
CVE-2022-4205 | In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could overri... | E | |
CVE-2022-4206 | A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.... | E | |
CVE-2022-4207 | The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting v... | S | |
CVE-2022-4208 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'datef... | E S | |
CVE-2022-4209 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'point... | E S | |
CVE-2022-4210 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dnf' ... | E S | |
CVE-2022-4211 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email... | E S | |
CVE-2022-4212 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ipf' ... | E S | |
CVE-2022-4213 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn' p... | S | |
CVE-2022-4214 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' p... | E S | |
CVE-2022-4215 | The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date'... | E S | |
CVE-2022-4216 | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'facebook... | E S | |
CVE-2022-4217 | The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key'... | E S | |
CVE-2022-4218 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... | E S | |
CVE-2022-4219 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... | E S | |
CVE-2022-4220 | The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,... | E S | |
CVE-2022-4221 | OS command injection in ASUS M25 NAS | E | |
CVE-2022-4222 | SourceCodester Canteen Management System POST Request ajax_invoice.php query sql injection | E | |
CVE-2022-4223 | The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user sele... | | |
CVE-2022-4224 | CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3 | | |
CVE-2022-4226 | Simple Basic Contact Form < 20221201 - Admin+ Stored XSS | E | |
CVE-2022-4227 | Booster for WooCommerce - Reflected Cross-Site Scripting | E | |
CVE-2022-4228 | SourceCodester Book Store Management System information disclosure | E | |
CVE-2022-4229 | SourceCodester Book Store Management System index.php access control | E | |
CVE-2022-4230 | WP Statistics < 13.2.9 - Authenticated SQLi | E | |
CVE-2022-4231 | Tribal Systems Zenario CMS Remember Me session fixation | E | |
CVE-2022-4232 | SourceCodester Event Registration System unrestricted upload | | |
CVE-2022-4233 | SourceCodester Event Registration System cross site scripting | | |
CVE-2022-4234 | SourceCodester Canteen Management System brand.php builtin_echo cross site scripting | E | |
CVE-2022-4235 | RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a ... | E | |
CVE-2022-4236 | Welcart e-Commerce < 2.8.5 - Subscriber+ Arbitrary File Access | E | |
CVE-2022-4237 | Welcart e-Commerce < 2.8.6 - Subscriber+ PHAR Deserialisation | E | |
CVE-2022-4239 | Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR | E | |
CVE-2022-4240 | Unauthenticated API allowing an attacker to obtain the information about network resources | | |
CVE-2022-4242 | WP Google Review Slider < 11.6 - Admin+ Stored XSS | E | |
CVE-2022-4243 | ImageInject <= 1.17 - Admin+ Stored XSS | E | |
CVE-2022-4244 | Codehaus-plexus: directory traversal | | |
CVE-2022-4245 | Codehaus-plexus: xml external entity (xxe) injection | | |
CVE-2022-4246 | Kakao PotPlayer MID File denial of service | | |
CVE-2022-4247 | Movie Ticket Booking System booking.php sql injection | E | |
CVE-2022-4248 | Movie Ticket Booking System editBooking.php sql injection | E | |
CVE-2022-4249 | Movie Ticket Booking System POST Request cross site scripting | E | |
CVE-2022-4250 | Movie Ticket Booking System booking.php cross site scripting | E | |
CVE-2022-4251 | Movie Ticket Booking System editBooking.php cross site scripting | E | |
CVE-2022-4252 | SourceCodester Canteen Management System categories.php builtin_echo cross site scripting | E | |
CVE-2022-4253 | SourceCodester Canteen Management System customer.php builtin_echo cross site scripting | E | |
CVE-2022-4254 | sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters... | E S | |
CVE-2022-4255 | An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior... | | |
CVE-2022-4256 | All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS | E | |
CVE-2022-4257 | C-DATA Web Management System GET Parameter jumpto.php argument injection | E | |
CVE-2022-4258 | Hima: Unquoted path vulnerabilities in HIMA PC based Software | M | |
CVE-2022-4259 | Authenticated SQL Injection on Alerts in Guardian/CMC before 22.5.2 | S | |
CVE-2022-4260 | WP-Ban < 1.69.1 - Admin+ Stored XSS | E | |
CVE-2022-4261 | Rapid7 Nexpose Update Validation Issue | E M | |
CVE-2022-4262 | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentiall... | KEV S | |
CVE-2022-4264 | Incorrect privilege assignment in M-Files Web Server | | |
CVE-2022-4265 | Replyable < 2.2.10 - Subscriber+ PHP Object Injection | E | |
CVE-2022-4266 | Bulk Delete Users by Email <= 1.2 - User Deletion via CSRF | E | |
CVE-2022-4267 | Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting | E | |
CVE-2022-4268 | Plugin Logic < 1.0.8 - Admin+ SQLi | E | |
CVE-2022-4269 | A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking con... | | |
CVE-2022-4270 | Incorrect privilege assignment in M-Files Web Server | S | |
CVE-2022-4271 | Cross-site Scripting (XSS) - Reflected in osticket/osticket | E S | |
CVE-2022-4272 | FeMiner wms unrestricted upload | E | |
CVE-2022-4273 | SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload | E | |
CVE-2022-4274 | House Rental System view-property.php sql injection | E | |
CVE-2022-4275 | House Rental System POST Request search-property.php sql injection | E | |
CVE-2022-4276 | House Rental System POST Request tenant-engine.php unrestricted upload | E | |
CVE-2022-4277 | Shaoxing Background Management System Bd sql injection | E | |
CVE-2022-4278 | SourceCodester Human Resource Management System employeeadd.php sql injection | E | |
CVE-2022-4279 | SourceCodester Human Resource Management System employeeview.php cross site scripting | E | |
CVE-2022-4280 | Dot Tech Smart Campus System findUser information disclosure | E | |
CVE-2022-4281 | Facepay camera.php authorization | | |
CVE-2022-4282 | SpringBootCMS Template Management injection | E | |
CVE-2022-4283 | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left... | | |
CVE-2022-4284 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4285 | An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corr... | E S | |
CVE-2022-4286 | Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime | | |
CVE-2022-4287 | Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.... | | |
CVE-2022-4289 | An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, vers... | | |
CVE-2022-4290 | The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_saniti... | S | |
CVE-2022-4291 | Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption | | |
CVE-2022-4292 | Use After Free in vim/vim | E S | |
CVE-2022-4293 | Floating Point Comparison with Incorrect Operator in vim/vim | E S | |
CVE-2022-4294 | Norton, Avira, Avast and AVG Antivirus for Windows Privilege Escalation | | |
CVE-2022-4295 | Show All Comments < 7.0.1 - Reflected XSS | E | |
CVE-2022-4296 | TP-Link TL-WR740N ARP resource consumption | E | |
CVE-2022-4297 | WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi | E | |
CVE-2022-4298 | Wholesale Market < 2.2.1 - Unauthenticated Arbitrary File Download | E | |
CVE-2022-4299 | Metricool < 1.18 - Admin+ Stored XSS | E | |
CVE-2022-4300 | FastCMS Template edit injection | E | |
CVE-2022-4301 | Sunshine Photo Cart < 2.9.15 - Reflected XSS | E | |
CVE-2022-4302 | White Label CMS < 2.5 - Admin+ PHP Object Injection | E | |
CVE-2022-4303 | WP Limit Login Attempts <= 2.6.4 - IP Spoofing | E | |
CVE-2022-4304 | Timing Oracle in RSA Decryption | | |
CVE-2022-4305 | Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin | E | |
CVE-2022-4306 | Panda Pods Repeater Field < 1.5.4 - Reflected XSS | E | |
CVE-2022-4307 | Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS | E | |
CVE-2022-4308 | Clear-text passwords in configuration files | | |
CVE-2022-4309 | Subscribe2 < 10.38 - User Deletion via CSRF | E | |
CVE-2022-4310 | Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS | E | |
CVE-2022-4311 | An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 throu... | | |
CVE-2022-4312 | A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15... | | |
CVE-2022-4313 | A vulnerability was reported where through modifying the scan variables, an authenticated user in Te... | | |
CVE-2022-4314 | Improper Privilege Management in ikus060/rdiffweb | E S | |
CVE-2022-4315 | An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before... | E | |
CVE-2022-4317 | An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 befor... | E | |
CVE-2022-4318 | Cri-o: /etc/passwd tampering privesc | | |
CVE-2022-4320 | WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS | E | |
CVE-2022-4321 | PDF Generator for WordPress < 1.1.2 - Reflected XSS | E | |
CVE-2022-4322 | maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection | E S | |
CVE-2022-4323 | Google Analyticator < 6.5.6 - Admin+ PHP Object Injection | E | |
CVE-2022-4324 | Custom Field Template < 2.5.8 - Admin+ PHP Object Injection | E | |
CVE-2022-4325 | Post Status Notifier Lite < 1.10.1 - Reflected XSS | E | |
CVE-2022-4326 | Trellix xAgent permission bypass vulnerability | | |
CVE-2022-4327 | Rejected reason: This issue does not bear any security risk as it's only exploitable by users with a... | R | |
CVE-2022-4328 | WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload | E | |
CVE-2022-4329 | Product list Widget for Woocommerce <= 1.0 - Reflected XSS | E | |
CVE-2022-4330 | WP Attachments < 5.0.6 - Admin+ Stored XSS | E | |
CVE-2022-4331 | An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, a... | | |
CVE-2022-4332 | Sprecher: Vulnerable firmware verification | M | |
CVE-2022-4333 | Sprecher: Sprecon maintenance access with hardcoded credentials | | |
CVE-2022-4334 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-4335 | A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior t... | E | |
CVE-2022-4336 | In BAOTA Linux panel there exists a stored XSS vulnerability attackers can use to obtain sensitive i... | | |
CVE-2022-4337 | An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.... | S | |
CVE-2022-4338 | An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.... | S | |
CVE-2022-4339 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-4340 | BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id | E | |
CVE-2022-4341 | csliuwy coder-chain_gdut cross site scripting | E | |
CVE-2022-4342 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7... | | |
CVE-2022-4343 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab | E S | |
CVE-2022-4344 | Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 all... | | |
CVE-2022-4345 | Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and ... | | |
CVE-2022-4346 | All In One WP Security & Firewall < 5.1.3 - Configuration Leak | E | |
CVE-2022-4347 | xiandafu beetl-bbs WebUtils.java cross site scripting | E | |
CVE-2022-4348 | y_project RuoYi-Cloud JSON cross site scripting | E | |
CVE-2022-4349 | CTF-hacker pwn delete.html cross-site request forgery | E | |
CVE-2022-4350 | Mingsoft MCMS search.do cross site scripting | E | |
CVE-2022-4351 | Qe SEO Handyman <= 1.0 - Admin+ SQLi | E | |
CVE-2022-4352 | Qe SEO Handyman <= 1.0 - Admin+ SQLi | E | |
CVE-2022-4353 | LinZhaoguan pb-cms IpUtil.getIpAddr cross site scripting | E | |
CVE-2022-4354 | LinZhaoguan pb-cms Message Board comment cross site scripting | E | |
CVE-2022-4355 | LetsRecover < 1.2.0 - Admin+ SQLi | E | |
CVE-2022-4356 | LetsRecover < 1.2.0 - Admin+ SQLi | E | |
CVE-2022-4357 | LetsRecover < 1.2.0 - Unauthenticated SQLi | E | |
CVE-2022-4358 | WP RSS By Publishers <= 0.1 - Admin+ SQLi | E | |
CVE-2022-4359 | WP RSS By Publishers <= 0.1 - Admin+ SQLi | E | |
CVE-2022-4360 | WP RSS By Publishers <= 0.1 - Admin+ SQLi | E | |
CVE-2022-4361 | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) v... | S | |
CVE-2022-4362 | Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4363 | Wholesale Market <= 2.2.2 - Settings Update via CSRF | E | |
CVE-2022-4364 | Teledyne FLIR AX8 Web Service palette.php command injection | E | |
CVE-2022-4365 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7... | | |
CVE-2022-4366 | Missing Authorization in lirantal/daloradius | E S | |
CVE-2022-4367 | Rejected reason: Duplicate, use CVE-2023-4279 instead.... | R | |
CVE-2022-4368 | WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import | E | |
CVE-2022-4369 | WP-Lister Lite for Amazon < 2.4.4 - Reflected XSS | E | |
CVE-2022-4370 | Multimedial Images <= 1.0b - Admin+ SQLi | E | |
CVE-2022-4371 | Web Invoice <= 2.1.3 - Authenticated SQLi | E | |
CVE-2022-4372 | Web Invoice <= 2.1.3 - Authenticated SQLi | E | |
CVE-2022-4373 | Quote-O-Matic <= 1.0.5 - Admin+ SQLi | E | |
CVE-2022-4374 | Bg Bible References <= 3.8.14 - Reflected XSS | E | |
CVE-2022-4375 | Mingsoft MCMS list sql injection | E | |
CVE-2022-4376 | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting f... | | |
CVE-2022-4377 | S-CMS Contact Information Page cross site scripting | | |
CVE-2022-4378 | A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain... | | |
CVE-2022-4379 | A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux ker... | S | |
CVE-2022-4381 | Popup Maker < 1.16.9 - Contributor+ Stored XSS via Subscription Form | E | |
CVE-2022-4382 | A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver ... | E S | |
CVE-2022-4383 | CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQLi | E | |
CVE-2022-4384 | Stream < 3.9.2 - Subscriber+ Alert Creation | E | |
CVE-2022-4385 | Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update | E | |
CVE-2022-4386 | Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF | E | |
CVE-2022-4390 | A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 seri... | E S | |
CVE-2022-4391 | Vision Interactive For WordPress <= 1.5.3 - Contributor+ Stored XSS | E | |
CVE-2022-4392 | iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Contributor+ Stored XSS | E | |
CVE-2022-4393 | ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Contributor+ Stored XSS | E | |
CVE-2022-4394 | iPages Flipbook For WordPress <= 1.4.6 - Contributor+ Stored XSS | E | |
CVE-2022-4395 | Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload | E | |
CVE-2022-4396 | RDFlib pyrdfa3 __init__.py _get_option cross site scripting | S | |
CVE-2022-4397 | morontt zend-blog-number-2 Comment Comment.php cross-site request forgery | S | |
CVE-2022-4398 | Integer Overflow or Wraparound in radareorg/radare2 | S | |
CVE-2022-4399 | TicklishHoneyBee nodau db.c sql injection | S | |
CVE-2022-4400 | zbl1996 FS-Blog Title cross site scripting | | |
CVE-2022-4401 | pallidlight online-course-selection-system cross site scripting | E | |
CVE-2022-4402 | RainyGao DocSys ZIP File Decompression path traversal | | |
CVE-2022-4403 | SourceCodester Canteen Management System ajax_represent.php sql injection | E | |
CVE-2022-4404 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2022-4405 | Rejected reason: **REJECT** This is not considered a valid security vulnerability.... | R | |
CVE-2022-4407 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq | S | |
CVE-2022-4408 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq | E S | |
CVE-2022-4409 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq | E S | |
CVE-2022-4410 | The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in vers... | S | |
CVE-2022-4411 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2022-4412 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2022-4413 | Cross-site Scripting (XSS) - Reflected in nuxt/framework | E S | |
CVE-2022-4414 | Cross-site Scripting (XSS) - DOM in nuxt/framework | S | |
CVE-2022-4415 | A vulnerability was found in systemd. This security flaw can cause a local information leak due to s... | E S | |
CVE-2022-4416 | RainyGao DocSys getReposAllUsers.do getReposAllUsers sql injection | E | |
CVE-2022-4417 | WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API | E | |
CVE-2022-4418 | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products... | | |
CVE-2022-4421 | rAthena FluxCP Service Desk Image URL view.php cross site scripting | S | |
CVE-2022-4422 | SQLi in Bulutdesk Callcenter | | |
CVE-2022-4424 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2022-4425 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2022-4426 | Mautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRF | E | |
CVE-2022-4427 | SQL Injection via OTRS Search API | S | |
CVE-2022-4428 | support_uri validation missing in WARP client for Windows | S | |
CVE-2022-4429 | Avira Security for Windows - Denial of Service | | |
CVE-2022-4431 | WOOCS < 1.3.9.4 - Contributor+ Stored XSS | E | |
CVE-2022-4432 | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver t... | S | |
CVE-2022-4433 | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver t... | S | |
CVE-2022-4434 | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a loc... | S | |
CVE-2022-4435 | A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe d... | S | |
CVE-2022-4436 | Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to ... | | |
CVE-2022-4437 | Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to pot... | | |
CVE-2022-4438 | Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker wh... | | |
CVE-2022-4439 | Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker... | | |
CVE-2022-4440 | Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to pot... | | |
CVE-2022-4441 | Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter | | |
CVE-2022-4442 | WCK < 2.3.3 - Admin+ Stored XSS | E | |
CVE-2022-4443 | BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF | E | |
CVE-2022-4444 | ipti br.tag cross site scripting | S | |
CVE-2022-4445 | FL3R FeelBox <= 8.1 - Unauthenticated SQLi | E | |
CVE-2022-4446 | PHP Remote File Inclusion in tsolucio/corebos | E S | |
CVE-2022-4447 | Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi | E | |
CVE-2022-4448 | GiveWP < 2.24.0 - Contributor+ Stored XSS | E | |
CVE-2022-4449 | Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS | E | |
CVE-2022-4450 | Double free after calling PEM_read_bio_ex | S | |
CVE-2022-4451 | Sassy Social Share < 3.3.45 - Contributor+ Stored XSS | E | |
CVE-2022-4452 | Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote atta... | S | |
CVE-2022-4453 | 3D FlipBook <= 1.13.2 - Contributor+ Stored XSS | E | |
CVE-2022-4454 | m0ver bible-online Search search.java query sql injection | S | |
CVE-2022-4455 | sproctor php-calendar index.php cross site scripting | S | |
CVE-2022-4456 | falling-fruit cross site scripting | S | |
CVE-2022-4457 | WARP client manifest misconfiguration leading to Task Hijacking | S | |
CVE-2022-4458 | Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS | E | |
CVE-2022-4459 | WP Show Posts < 1.1.4 - Contributor+ Stored XSS | E | |
CVE-2022-4460 | Sidebar Widgets by CodeLights <= 1.4 - Contributor+ Stored XSS | E | |
CVE-2022-4462 | An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all ... | | |
CVE-2022-4463 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2022-4464 | Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS | E | |
CVE-2022-4465 | WP Video Lightbox < 1.9.7 - Contributor+ Stored XSS | E | |
CVE-2022-4466 | WordPress Infinite Scroll - Ajax Load More < 5.6.0.3 - Contributor+ Stored XSS | E | |
CVE-2022-4467 | Search & Filter < 1.2.16 - Contributor+ Stored XSS | E | |
CVE-2022-4468 | WP Recipe Maker < 8.6.1 - Contributor+ Stored XSS | E | |
CVE-2022-4469 | Simple Membership < 4.2.2 - Contributor+ Stored XSS | E | |
CVE-2022-4470 | Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS | E | |
CVE-2022-4471 | YARPP - Yet Another Related Posts Plugin < 5.30.3 - Contributor+ Stored XSS | E | |
CVE-2022-4472 | Simple Sitemap < 3.5.8 - Contributor+ Stored XSS | E | |
CVE-2022-4473 | Widget Shortcode <= 0.3.5 - Contributor+ Stored XSS | E | |
CVE-2022-4474 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS | E | |
CVE-2022-4475 | Collapse-O-Matic < 1.8.3 - Contributor+ Stored XSS | E | |
CVE-2022-4476 | Download Manager < 3.2.62 - Contributor+ Stored XSS | E | |
CVE-2022-4477 | Smash Balloon Social Post Feed < 4.1.6 - Contributor+ Stored XSS | E | |
CVE-2022-4478 | Font Awesome < 4.3.2 - Contributor+ Stored XSS | E | |
CVE-2022-4479 | Table of Contents Plus < 2212 - Contributor+ Stored XSS | E | |
CVE-2022-4480 | Click to Chat < 3.18.1 - Contributor+ Stored XSS | E | |
CVE-2022-4481 | Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS | E | |
CVE-2022-4482 | Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS | E | |
CVE-2022-4483 | Insert Pages < 3.7.5 - Contributor+ Stored XSS | E | |
CVE-2022-4484 | Super Socializer < 7.13.44 - Contributor+ Stored XSS | E | |
CVE-2022-4485 | Page-list < 5.3 - Contributor+ Stored XSS | E | |
CVE-2022-4486 | Meteor Slides < 1.5.7 - Contributor+ Stored XSS | E | |
CVE-2022-4487 | Easy Accordion < 2.2.0 - Contributor+ Stored XSS | E | |
CVE-2022-4488 | Widgets on Pages < 1.8.0 - Contributor+ Stored XSS | E | |
CVE-2022-4489 | WOOF - Products Filter for WooCommerce < 1.3.2 - Admin+ PHP Object Injection | E | |
CVE-2022-4491 | WP Table Reloaded <= 1.9.4 - Contributor+ Stored XSS | E | |
CVE-2022-4492 | The undertow client is not checking the server identity presented by the server certificate in https... | | |
CVE-2022-4493 | scifio ZIP File DefaultSampleFilesService.java downloadAndUnpackResource path traversal | S | |
CVE-2022-4494 | bspkrs MCPMappingViewer ZIP File RemoteZipHandler.java extractZip path traversal | S | |
CVE-2022-4495 | collective.dms.basecontent column.py renderCell cross site scripting | S | |
CVE-2022-4496 | miniOrange WordPress SAML SSO multiple versions - Open Redirect in SSO login | E | |
CVE-2022-4497 | Jetpack CRM < 5.5 - Contributor+ Stored XSS | E | |
CVE-2022-4498 | A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface. | | |
CVE-2022-4499 | The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack. | | |
CVE-2022-4501 | The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capabili... | S | |
CVE-2022-4502 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | E S | |
CVE-2022-4503 | Cross-site Scripting (XSS) - Generic in openemr/openemr | E S | |
CVE-2022-4504 | Improper Input Validation in openemr/openemr | E S | |
CVE-2022-4505 | Authorization Bypass Through User-Controlled Key in openemr/openemr | E S | |
CVE-2022-4506 | Unrestricted Upload of File with Dangerous Type in openemr/openemr | E S | |
CVE-2022-4507 | Real Cookie Banner < 3.4.10 - Contributor+ Stored XSS | E | |
CVE-2022-4508 | ConvertKit < 2.0.5 - Contributor+ Stored XSS | E | |
CVE-2022-4509 | Content Control < 1.1.10 - Contributor+ Stored XSS | E | |
CVE-2022-4510 | Path Traversal in binwalk | E S | |
CVE-2022-4511 | RainyGao DocSys path traversal | E | |
CVE-2022-4512 | Better Font Awesome < 2.0.4 - Contributor+ Stored XSS | E | |
CVE-2022-4513 | European Environment Agency eionet.contreg cross site scripting | S | |
CVE-2022-4514 | Opencaching Deutschland oc-server3 varset.inc.php cross site scripting | S | |
CVE-2022-4515 | A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the... | E | |
CVE-2022-4516 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-4519 | The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings param... | | |
CVE-2022-4520 | WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting | E S | |
CVE-2022-4521 | WSO2 carbon-registry Request Parameter cross site scripting | S | |
CVE-2022-4522 | CalendarXP cross site scripting | S | |
CVE-2022-4523 | vexim2 cross site scripting | S | |
CVE-2022-4524 | Roots soil Plugin CleanUpModule.php language_attributes cross site scripting | S | |
CVE-2022-4525 | National Sleep Research Resource sleepdata.org cross site scripting | S | |
CVE-2022-4526 | django-photologue Default Template photo_detail.html cross site scripting | S | |
CVE-2022-4527 | collective.task table.py AssignedGroupColumn cross site scripting | S | |
CVE-2022-4528 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2022-4529 | Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass | | |
CVE-2022-4530 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2022-4531 | Rejected reason: Not a valid vulnerability.... | R | |
CVE-2022-4532 | LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 - IP Address Spoofing to Protection Mechanism Bypass | | |
CVE-2022-4533 | Limit Login Attempts Plus <= 1.1.0 - IP Address Spoofing to Protection Mechanism Bypass | | |
CVE-2022-4534 | Limit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism Bypass | | |
CVE-2022-4536 | IP Vault – WP Firewall <= 1.1 - IP Address Spoofing to Protection Mechanism Bypass | S | |
CVE-2022-4537 | The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in ... | | |
CVE-2022-4538 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2022-4539 | Web Application Firewall <= 2.1.2 - IP Address Spoofing to Protection Mechanism Bypass | S | |
CVE-2022-4540 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in... | R | |
CVE-2022-4541 | WordPress Visitors <= 1.0 - Unauthenticated Stored Cross-Site Scripting via HTTP Header | | |
CVE-2022-4542 | Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS | E | |
CVE-2022-4543 | A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue coul... | E | |
CVE-2022-4544 | MashShare < 3.8.7 - Contributor+ Stored XSS | E | |
CVE-2022-4545 | Sitemap < 4.4 - Contributor+ Stored XSS | E | |
CVE-2022-4546 | Mapwiz <= 1.0.1 - Admin+ SQLi | E | |
CVE-2022-4547 | Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi | E | |
CVE-2022-4548 | Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF | E | |
CVE-2022-4549 | Tickera < 3.5.1.0 - Plugin Data Deletion via CSRF | E | |
CVE-2022-4550 | User Activity <= 1.0.1 - IP Spoofing | E | |
CVE-2022-4551 | Rich Table of Contents < 1.3.9 - Contributor+ Stored XSS | E | |
CVE-2022-4552 | FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS | E | |
CVE-2022-4553 | FL3R FeelBox <= 8.1 - Moods Reset via CSRF | E | |
CVE-2022-4554 | Reflected XSS B2B Dealer Ordering System | S | |
CVE-2022-4555 | The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability... | | |
CVE-2022-4556 | Alinto SOGo Identity SOGoUserDefaults.m _migrateMailIdentities cross site scripting | S | |
CVE-2022-4557 | SQL Injection in Smartpower Web | S | |
CVE-2022-4558 | Alinto SOGo Folder/Mail NSString+Utilities.m cross site scripting | S | |
CVE-2022-4559 | INEX IPX-Manager list.foil.php cross site scripting | S | |
CVE-2022-4560 | Joget wflow-core UniversalTheme.java getInternalJsCssLib cross site scripting | S | |
CVE-2022-4561 | SemanticDrilldown Extension GET Parameter SDBrowseDataPage.php printFilterLine cross site scripting | S | |
CVE-2022-4562 | Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS | E | |
CVE-2022-4563 | Freedom of the Press SecureDrop gpg-agent.conf symlink | S | |
CVE-2022-4564 | University of Central Florida Materia API Controller api.php before cross-site request forgery | S | |
CVE-2022-4565 | Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption | E | |
CVE-2022-4566 | y_project RuoYi GenController sql injection | E | |
CVE-2022-4567 | Improper Access Control in openemr/openemr | E S | |
CVE-2022-4568 | A directory permissions management vulnerability in Lenovo System Update may allow elevation of priv... | S | |
CVE-2022-4569 | A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Upd... | S | |
CVE-2022-4570 | Top 10 < 3.2.3 - Contributor+ Stored XSS | E | |
CVE-2022-4571 | Seriously Simple Podcasting < 2.19.1 - Contributor+ Stored XSS | E | |
CVE-2022-4572 | UBI Reader UBIFS File output.py ubireader_extract_files path traversal | S | |
CVE-2022-4573 | An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker... | S | |
CVE-2022-4574 | An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an at... | S | |
CVE-2022-4575 | A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some... | S | |
CVE-2022-4576 | Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS | E | |
CVE-2022-4577 | Easy Testimonials < 3.9.3 - Contributor+ Stored XSS | E | |
CVE-2022-4578 | Video Conferencing with Zoom < 4.0.10 - Contributor+ Stored XSS | E | |
CVE-2022-4579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-4580 | Twenty20 Image Before-After <= 1.5.9 - Contributor+ Stored XSS | E | |
CVE-2022-4581 | 1j01 mind-map app.coffee cross site scripting | S | |
CVE-2022-4582 | starter-public-edition-4 cross site scripting | S | |
CVE-2022-4583 | jLEMS JUtil.java unpackJar path traversal | E S | |
CVE-2022-4584 | Axiomatic Bento4 mp42aac heap-based overflow | E | |
CVE-2022-4585 | Opencaching Deutschland oc-server3 Cookie start.tpl cross site scripting | S | |
CVE-2022-4586 | Opencaching Deutschland oc-server3 Cachelist cachelists.tpl cross site scripting | S | |
CVE-2022-4587 | Opencaching Deutschland oc-server3 Login Page login.tpl cross site scripting | S | |
CVE-2022-4588 | Boston Sleep slice Layout cross site scripting | S | |
CVE-2022-4589 | cyface Terms and Conditions Module views.py returnTo redirect | S | |
CVE-2022-4590 | mschaef toto Todo List cross site scripting | S | |
CVE-2022-4591 | mschaef toto Email Parameter cross site scripting | S | |
CVE-2022-4592 | luckyshot CRMx index.php commentdelete sql injection | S | |
CVE-2022-4593 | retra-system cross site scripting | S | |
CVE-2022-4594 | drogatkin TJWS2 WarRoller.java deployWar path traversal | S | |
CVE-2022-4595 | django-openipam exposed_hosts.html cross site scripting | S | |
CVE-2022-4596 | Shoplazza Add Blog Post cross site scripting | E | |
CVE-2022-4597 | Shoplazza LifeStyle Create Product v2_products cross site scripting | E | |
CVE-2022-4598 | Shoplazza LifeStyle Announcement cross site scripting | | |
CVE-2022-4599 | Shoplazza LifeStyle Product cross site scripting | | |
CVE-2022-4600 | Shoplazza LifeStyle Product Carousel cross site scripting | | |
CVE-2022-4601 | Shoplazza LifeStyle Shipping/Member Discount/Icon cross site scripting | | |
CVE-2022-4602 | Shoplazza LifeStyle Review Flow cross site scripting | | |
CVE-2022-4603 | ppp pppdump pppdump.c dumpppp array index | S | |
CVE-2022-4604 | wp-english-wp-admin Plugin english-wp-admin.php register_endpoints cross-site request forgery | S | |
CVE-2022-4605 | Cross-site Scripting (XSS) - Stored in flatpressblog/flatpress | E S | |
CVE-2022-4606 | PHP Remote File Inclusion in flatpressblog/flatpress | E S | |
CVE-2022-4607 | 3D City Database OGC Web Feature Service xml external entity reference | S | |
CVE-2022-4608 | A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 se... | S | |
CVE-2022-4609 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4610 | Click Studios Passwordstate risky encryption | E | |
CVE-2022-4611 | Click Studios Passwordstate hard-coded credentials | E | |
CVE-2022-4612 | Click Studios Passwordstate insufficiently protected credentials | E | |
CVE-2022-4613 | Click Studios Passwordstate Browser Extension Provisioning improper authorization | E | |
CVE-2022-4614 | Cross-site Scripting (XSS) - Stored in alagrede/znote-app | E S | |
CVE-2022-4615 | Cross-site Scripting (XSS) - Reflected in openemr/openemr | E S | |
CVE-2022-4616 | The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through th... | S | |
CVE-2022-4617 | Cross-site Scripting (XSS) - Reflected in microweber/microweber | E S | |
CVE-2022-4618 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-4619 | The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable to Stored Cross-Site Scripting ... | | |
CVE-2022-4621 | Panasonic Sanyo CCTV Network Camera | S | |
CVE-2022-4622 | Login Logout Menu <= 1.3.3 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4623 | ND Shortcodes < 7.0 - Contributor+ Stored XSS via Shortcodes | E | |
CVE-2022-4624 | GS Logo Slider < 3.3.8 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4625 | Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4626 | PPWP – WordPress Password Protect Page < 1.8.6 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4627 | ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4628 | Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4629 | Product Slider for WooCommerce < 2.6.4 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4630 | Sensitive Cookie Without 'HttpOnly' Flag in lirantal/daloradius | E S | |
CVE-2022-4631 | WP-Ban ban-options.php cross site scripting | S | |
CVE-2022-4632 | Auto Upload Images cross site scripting | S | |
CVE-2022-4633 | Auto Upload Images Settings setting-page.php cross-site request forgery | S | |
CVE-2022-4634 | CVE-2022-4634 | S | |
CVE-2022-4636 | Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002... | S | |
CVE-2022-4637 | ep3-bs cross site scripting | S | |
CVE-2022-4638 | collective.contact.widget widgets.py title cross site scripting | S | |
CVE-2022-4639 | sslh Packet Dumping probe.c hexdump format string | S | |
CVE-2022-4640 | Mingsoft MCMS Article save cross site scripting | E | |
CVE-2022-4641 | pig-vector LogisticRegression.java LogisticRegression temp file | S | |
CVE-2022-4642 | tatoeba2 Profile Name cross site scripting | S | |
CVE-2022-4643 | docconv pdf_ocr.go ConvertPDFImages os command injection | S | |
CVE-2022-4644 | Open Redirect in ikus060/rdiffweb | E S | |
CVE-2022-4645 | LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause... | E S | |
CVE-2022-4646 | Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb | S | |
CVE-2022-4647 | Cross-site Scripting (XSS) - Stored in microweber/microweber | S | |
CVE-2022-4648 | Real Testimonials < 2.6.0 - Contributor+ Stored XSS | E | |
CVE-2022-4649 | WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4650 | HashBar – WordPress Notification Bar < 1.3.6 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4651 | Justified Gallery < 1.7.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4652 | Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4653 | Greenshift – animation and page builder blocks < 4.8.9 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4654 | Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4655 | Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4656 | WP Visitor Statistics (Real Time Traffic) < 6.5 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4657 | Restaurant Menu < 2.3.6 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4658 | RSSImport <= 4.6.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4659 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-4661 | Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4662 | An incorrect access control flaw was found in the Linux kernel USB core subsystem in the way user att... | | |
CVE-2022-4663 | The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_logi... | E | |
CVE-2022-4664 | Logo Slider < 3.6.0 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4665 | Unrestricted Upload of File with Dangerous Type in ampache/ampache | E S | |
CVE-2022-4666 | Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4667 | RSS Aggregator by Feedzy < 4.1.1 - Contributor+ Stored XSS | E | |
CVE-2022-4668 | Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4669 | Page Builder: Live Composer < 1.5.23 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4670 | PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4671 | PixCodes < 2.3.7 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4672 | WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4673 | Rate my Post – WP Rating System < 3.3.9 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4674 | Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4675 | Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4676 | OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4677 | Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.7 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4678 | TemplatesNext ToolKit < 3.2.8 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4679 | Wufoo Shortcode < 1.52 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4680 | Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection | E | |
CVE-2022-4681 | Hide My WP < 6.2.9 - Unauthenticated SQLi | E | |
CVE-2022-4682 | Lightbox Gallery < 0.9.5 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4683 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in usememos/memos | E S | |
CVE-2022-4684 | Improper Access Control in usememos/memos | E S | |
CVE-2022-4685 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco... | R | |
CVE-2022-4686 | Authorization Bypass Through User-Controlled Key in usememos/memos | E S | |
CVE-2022-4687 | Incorrect Use of Privileged APIs in usememos/memos | E S | |
CVE-2022-4688 | Improper Authorization in usememos/memos | E S | |
CVE-2022-4689 | Improper Access Control in usememos/memos | E S | |
CVE-2022-4690 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4691 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4692 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4693 | User Verification < 1.0.94 - Authentication Bypass | E | |
CVE-2022-4694 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4695 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4696 | There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_S... | E S | |
CVE-2022-4697 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_... | S | |
CVE-2022-4698 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form ... | S | |
CVE-2022-4699 | MediaElement.js – HTML5 Video & Audio Player <= 4.2.8 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4700 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ... | | |
CVE-2022-4701 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ... | | |
CVE-2022-4702 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ... | | |
CVE-2022-4703 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ... | | |
CVE-2022-4704 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ... | | |
CVE-2022-4705 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ... | | |
CVE-2022-4706 | Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4707 | The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi... | | |
CVE-2022-4708 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ... | | |
CVE-2022-4709 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ... | | |
CVE-2022-4710 | The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in v... | | |
CVE-2022-4711 | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ... | E | |
CVE-2022-4712 | The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log... | | |
CVE-2022-4714 | WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4715 | Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4716 | WP Popups < 2.1.4.8 - Contributor+ Stored XSS | E | |
CVE-2022-4717 | Strong Testimonials < 3.0.3 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4718 | Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode | E | |
CVE-2022-4719 | Business Logic Errors in ikus060/rdiffweb | E S | |
CVE-2022-4720 | Open Redirect in ikus060/rdiffweb | E S | |
CVE-2022-4721 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in ikus060/rdiffweb | E S | |
CVE-2022-4722 | Authentication Bypass by Primary Weakness in ikus060/rdiffweb | E S | |
CVE-2022-4723 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb | E S | |
CVE-2022-4724 | Improper Access Control in ikus060/rdiffweb | E S | |
CVE-2022-4725 | AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery | S | |
CVE-2022-4726 | SourceCodester Sanitization Management System Admin Login sql injection | | |
CVE-2022-4727 | OpenMRS Appointment Scheduling Module Notes AppointmentRequest.java getNotes cross site scripting | S | |
CVE-2022-4728 | Graphite Web Cookie cross site scripting | E S | |
CVE-2022-4729 | Graphite Web Template Name cross site scripting | E S | |
CVE-2022-4730 | Graphite Web Absolute Time Range cross site scripting | E S | |
CVE-2022-4731 | myapnea Title cross site scripting | S | |
CVE-2022-4732 | Unrestricted Upload of File with Dangerous Type in microweber/microweber | E S | |
CVE-2022-4733 | Cross-site Scripting (XSS) - Stored in openemr/openemr | E S | |
CVE-2022-4734 | Improper Removal of Sensitive Information Before Storage or Transfer in usememos/memos | E S | |
CVE-2022-4735 | asrashley dash-live DOM Node media.js ready cross site scripting | S | |
CVE-2022-4736 | Venganzas del Pasado cross site scripting | S | |
CVE-2022-4737 | SourceCodester Blood Bank Management System login.php sql injection | | |
CVE-2022-4738 | SourceCodester Blood Bank Management System User Registration cross site scripting | | |
CVE-2022-4739 | SourceCodester School Dormitory Management System Admin Login sql injection | | |
CVE-2022-4740 | kkFileView picturesPreview setWatermarkAttribute cross site scripting | E | |
CVE-2022-4741 | docconv XMLToText memory allocation | S | |
CVE-2022-4742 | json-pointer index.js set prototype pollution | S | |
CVE-2022-4743 | A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_... | S | |
CVE-2022-4744 | A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user... | | |
CVE-2022-4745 | WP Customer Area < 8.1.4 - Unauthorised Actions via CSRF | E | |
CVE-2022-4746 | FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing | E | |
CVE-2022-4747 | Post Category Image With Grid and Slider < 1.4.8 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4748 | FlatPress File Delete panel.mediamanager.file.php doItemActions path traversal | S | |
CVE-2022-4749 | Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4750 | WP Responsive Testimonials Slider And Widget <= 1.5 - Contributor+ Stored XSS | E | |
CVE-2022-4751 | Word Balloon < 4.19.3 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4752 | Opening Hours <= 2.3.0 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4753 | Print-O-Matic < 2.1.8 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4754 | Easy Social Box <= 4.1.2 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4755 | FlatPress Media Manager Plugin panel.mediamanager.file.php main cross site scripting | S | |
CVE-2022-4756 | YouTube Channel < 3.23.0 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4757 | List Pages Shortcode < 1.7.6 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4758 | 10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4759 | GigPress < 2.3.28 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4760 | OneClick Chat to Order < 1.0.4.2 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4761 | Post Views Count <= 3.0.2 - Contributor+ Stored XSS in Shortcode | E | |
CVE-2022-4762 | Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4763 | Icon Widget < 1.3.0 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4764 | Simple File Downloader <= 1.0.4 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4765 | Portfolio for Elementor, Image Gallery & Post Grid \| PowerFolio < 2.3.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4766 | dolibarr_project_timesheet Form cross-site request forgery | S | |
CVE-2022-4767 | Denial of Service in usememos/memos | E S | |
CVE-2022-4768 | Dropbox merou SSH Public Key public_key.py add_public_key injection | S | |
CVE-2022-4769 | Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information | | |
CVE-2022-4770 | Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information | | |
CVE-2022-4771 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | | |
CVE-2022-4772 | Widoco WidocoUtils.java unZipIt path traversal | S | |
CVE-2022-4773 | cloudsync LocalFilesystemConnector.java getItem path traversal | E S | |
CVE-2022-4774 | Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload | E | |
CVE-2022-4775 | GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4776 | CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4777 | Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4778 | path traversal in elvexys StreamX using StreamView HTML component with public web server feature | S | |
CVE-2022-4779 | authentication bypass in elvexys StreamX using StreamView HTML component with public web server feature | S | |
CVE-2022-4780 | hard coded credentials in elvexys ISOS firmwares | S | |
CVE-2022-4781 | Accordion Shortcodes <= 2.4.2 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4782 | ClickFunnels <= 3.1.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4783 | Youtube Channel Gallery <= 2.4 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4784 | Hueman Addons <= 2.3.3 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4785 | Download Video Sidebar Widgets <= 6.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4786 | Video.js - HTML5 Video Player for WordPress <= 4.5.0 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4787 | Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4788 | Embed PDF <= 1.0.6 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4789 | WPZOOM Portfolio < 1.2.2 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4790 | WP Google My Business Auto Publish < 3.4 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4791 | Product Slider and Carousel with Category for WooCommerce < 2.8 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4792 | News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4793 | Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4794 | AAWP < 3.12.3 - Unsafe URL Handling | E | |
CVE-2022-4795 | Galleries by Angie Makes <= 1.67 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4796 | Incorrect Use of Privileged APIs in usememos/memos | E S | |
CVE-2022-4797 | Improper Restriction of Excessive Authentication Attempts in usememos/memos | E S | |
CVE-2022-4798 | Authorization Bypass Through User-Controlled Key in usememos/memos | E S | |
CVE-2022-4799 | Authorization Bypass Through User-Controlled Key in usememos/memos | E S | |
CVE-2022-4800 | Improper Verification of Source of a Communication Channel in usememos/memos | E S | |
CVE-2022-4801 | Insufficient Granularity of Access Control in usememos/memos | E S | |
CVE-2022-4802 | Authorization Bypass Through User-Controlled Key in usememos/memos | E S | |
CVE-2022-4803 | Authorization Bypass Through User-Controlled Key in usememos/memos | E S | |
CVE-2022-4804 | Improper Authorization in usememos/memos | E S | |
CVE-2022-4805 | Incorrect Use of Privileged APIs in usememos/memos | E S | |
CVE-2022-4806 | Authorization Bypass Through User-Controlled Key in usememos/memos | E S | |
CVE-2022-4807 | Improper Access Control in usememos/memos | E S | |
CVE-2022-4808 | Improper Privilege Management in usememos/memos | E S | |
CVE-2022-4809 | Improper Access Control in usememos/memos | E S | |
CVE-2022-4810 | Improper Access Control in usememos/memos | E S | |
CVE-2022-4811 | Authorization Bypass Through User-Controlled Key in usememos/memos | E S | |
CVE-2022-4812 | Authorization Bypass Through User-Controlled Key in usememos/memos | E S | |
CVE-2022-4813 | Insufficient Granularity of Access Control in usememos/memos | E S | |
CVE-2022-4814 | Improper Access Control in usememos/memos | E S | |
CVE-2022-4815 | Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data | | |
CVE-2022-4816 | A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local ... | S | |
CVE-2022-4817 | centic9 jgit-cookbook temp file | S | |
CVE-2022-4818 | Talend Open Studio for MDM SystemStorageWrapper.java xml external entity reference | S | |
CVE-2022-4819 | HotCRP cross site scripting | S | |
CVE-2022-4820 | FlatPress Admin Area admin.entry.list.php cross site scripting | S | |
CVE-2022-4821 | FlatPress XML File Handler/MD File admin.uploader.php onupload cross site scripting | S | |
CVE-2022-4822 | FlatPress Setup main.lib.php cross site scripting | S | |
CVE-2022-4823 | InSTEDD Nuntium geopoll_controller.rb timing discrepancy | S | |
CVE-2022-4824 | WP Blog and Widget < 2.3.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4825 | WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4826 | Simple Tooltips < 2.1.4 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4827 | WP Tiles <= 1.1.2 - Contributor+ Stored XSS | E | |
CVE-2022-4828 | Bold Timeline Lite < 1.1.5 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4829 | Show-Hide / Collapse-Expand < 1.3.0 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4830 | Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4831 | Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4832 | Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4833 | YourChannel: Everything you want in a YouTube plugin < 1.2.3 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4834 | CPT Bootstrap Carousel <= 1.12 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4835 | Social Sharing Toolkit <= 2.6 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4836 | Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4837 | CPO Companion < 1.1.0 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4838 | Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode | E | |
CVE-2022-4839 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4840 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4841 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4842 | A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was foun... | | |
CVE-2022-4843 | NULL Pointer Dereference in radareorg/radare2 | E S | |
CVE-2022-4844 | Cross-Site Request Forgery (CSRF) in usememos/memos | E S | |
CVE-2022-4845 | Cross-Site Request Forgery (CSRF) in usememos/memos | E S | |
CVE-2022-4846 | Cross-Site Request Forgery (CSRF) in usememos/memos | E S | |
CVE-2022-4847 | Incorrectly Specified Destination in a Communication Channel in usememos/memos | E S | |
CVE-2022-4848 | Improper Verification of Source of a Communication Channel in usememos/memos | E S | |
CVE-2022-4849 | Cross-Site Request Forgery (CSRF) in usememos/memos | E S | |
CVE-2022-4850 | Cross-Site Request Forgery (CSRF) in usememos/memos | E S | |
CVE-2022-4851 | Improper Handling of Values in usememos/memos | E S | |
CVE-2022-4852 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-4853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-4854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-4855 | SourceCodester Lead Management System login.php sql injection | E | |
CVE-2022-4856 | Modbus Tools Modbus Slave mbs File mbslave.exe buffer overflow | E S | |
CVE-2022-4857 | Modbus Tools Modbus Poll mbp File mbpoll.exe buffer overflow | E S | |
CVE-2022-4858 | Insertion of Sensitive Information into Log File | S | |
CVE-2022-4859 | Joget User Profile Menu UserProfileMenu.java submitForm cross site scripting | S | |
CVE-2022-4860 | KBase Metrics methods_upload_user_stats.py upload_user_data sql injection | S | |
CVE-2022-4861 | Incorrect Implementation of Authentication Algorithm | S | |
CVE-2022-4862 | XSS vulnerability in M-Files Web | S | |
CVE-2022-4863 | Improper Handling of Insufficient Permissions or Privileges in usememos/memos | E S | |
CVE-2022-4864 | Argument Injection in froxlor/froxlor | E S | |
CVE-2022-4865 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4866 | Cross-site Scripting (XSS) - Stored in usememos/memos | E S | |
CVE-2022-4867 | Cross-Site Request Forgery (CSRF) in froxlor/froxlor | E S | |
CVE-2022-4868 | Improper Authorization in froxlor/froxlor | E S | |
CVE-2022-4869 | Evolution Events Artaxerxes POST Parameter middleware.py information disclosure | S | |
CVE-2022-4870 | In affected versions of Octopus Deploy it is possible to discover network details via error message... | | |
CVE-2022-4871 | ummmmm nflpick-em.com LoadUsers.php _Load_Users sql injection | S | |
CVE-2022-4872 | WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no' | E | |
CVE-2022-4873 | Stack based overflow on Netcomm router models NF20MESH, NF20, and NL1902 | E | |
CVE-2022-4874 | Authenticated bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows unauthenticated user to get access to content. | E | |
CVE-2022-4875 | fossology cross site scripting | S | |
CVE-2022-4876 | Kaltura mwEmbed DefaultSettings.php cross site scripting | S | |
CVE-2022-4877 | snoyberg keter Proxy.hs cross site scripting | S | |
CVE-2022-4878 | JATOS ZIP ZipUtil.java ZipUtil path traversal | S | |
CVE-2022-4879 | Forged Alliance Forever Vote improper authorization | S | |
CVE-2022-4880 | stakira OpenUtau ZIP Archive VoicebankInstaller.cs VoicebankInstaller path traversal | S | |
CVE-2022-4881 | CapsAdmin PAC3 http.lua cross site scripting | S | |
CVE-2022-4882 | kaltura mwEmbed Share Plugin share.js cross site scripting | E S | |
CVE-2022-4883 | A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls exter... | S | |
CVE-2022-4884 | Path-Traversal in MKP storing | | |
CVE-2022-4885 | sviehb jefferson path traversal | S | |
CVE-2022-4886 | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive | M | |
CVE-2022-4888 | Multiple Plugins from Addify - Multiple CSRF | E | |
CVE-2022-4889 | visegripped Stracker api.php getHistory sql injection | S | |
CVE-2022-4890 | abhilash1985 PredictApp Cookie new_framework_defaults_7_0.rb deserialization | S | |
CVE-2022-4891 | Sisimai string.rb to_plain redos | E S | |
CVE-2022-4892 | MyCMS Visitors Module view.php build_view cross site scripting | S | |
CVE-2022-4893 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-4894 | Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privi... | | |
CVE-2022-4895 | Man-in-the-middle attack Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer | | |
CVE-2022-4896 | Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server ... | | |
CVE-2022-4897 | BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting | E | |
CVE-2022-4898 | In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Sc... | | |
CVE-2022-4899 | A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument ... | S | |
CVE-2022-4900 | Potential buffer overflow in php_cli_server_startup_workers | | |
CVE-2022-4901 | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript co... | | |
CVE-2022-4902 | eXo Chat Application Mention ExoChatMessageComposer.vue cross site scripting | S | |
CVE-2022-4903 | CodenameOne implicit intent for sensitive communication | S | |
CVE-2022-4904 | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity o... | E | |
CVE-2022-4905 | UDX Stateless Media Plugin class-settings.php setup_wizard_interface cross site scripting | S | |
CVE-2022-4906 | Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attac... | E | |
CVE-2022-4907 | Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to exe... | E | |
CVE-2022-4908 | Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a rem... | E | |
CVE-2022-4909 | Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacke... | E | |
CVE-2022-4910 | Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote at... | E | |
CVE-2022-4911 | Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote at... | E | |
CVE-2022-4912 | Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potent... | E | |
CVE-2022-4913 | Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote ... | E | |
CVE-2022-4914 | Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who... | E | |
CVE-2022-4915 | Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a re... | E | |
CVE-2022-4916 | Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform... | E | |
CVE-2022-4917 | Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a ... | E | |
CVE-2022-4918 | Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform ar... | E | |
CVE-2022-4919 | Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker t... | E | |
CVE-2022-4920 | Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who ... | E | |
CVE-2022-4921 | Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who... | E | |
CVE-2022-4922 | Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attack... | E | |
CVE-2022-4923 | Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker i... | E | |
CVE-2022-4924 | Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had co... | E | |
CVE-2022-4925 | Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a ... | E | |
CVE-2022-4926 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allow... | E | |
CVE-2022-4927 | ualbertalib NEOSDiscovery _refworks.html.erb reverse tabnabbing | S | |
CVE-2022-4928 | icplayer presenter.js AddonText_Selection_create cross site scripting | S | |
CVE-2022-4929 | icplayer tts-utils.js cross site scripting | S | |
CVE-2022-4930 | nuxsmin sysPass URL cross site scripting | S | |
CVE-2022-4931 | The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, ... | S | |
CVE-2022-4932 | The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and... | S | |
CVE-2022-4933 | ATM Consulting dolibarr_module_quicksupplierprice interface.php upatePrice sql injection | S | |
CVE-2022-4934 | A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older th... | | |
CVE-2022-4935 | The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of d... | S | |
CVE-2022-4936 | The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up... | S | |
CVE-2022-4937 | The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access... | S | |
CVE-2022-4938 | The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versio... | S | |
CVE-2022-4939 | The WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, an... | S | |
CVE-2022-4940 | The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of da... | S | |
CVE-2022-4941 | The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up ... | S | |
CVE-2022-4942 | mportuga eslint-detailed-reporter template-generator.js renderIssue cross site scripting | S | |
CVE-2022-4943 | The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due... | | |
CVE-2022-4944 | kalcaddle KodExplorer cross-site request forgery | E S | |
CVE-2022-4945 | CVE-2022-4945 | S | |
CVE-2022-4946 | Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect | E | |
CVE-2022-4948 | The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capabili... | E | |
CVE-2022-4949 | The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type v... | E S | |
CVE-2022-4950 | Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation ... | S | |
CVE-2022-4952 | OmniSharp csharp-language-server-protocol JSON Serializer SerializerBase.cs CreateSerializerSettings resource consumption | S | |
CVE-2022-4953 | Elementor < 3.5.5 - Iframe Injection | E S | |
CVE-2022-4954 | The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting ... | | |
CVE-2022-4955 | Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker... | E S | |
CVE-2022-4956 | Caphyon Advanced Installer WinSxS DLL uncontrolled search path | E S | |
CVE-2022-4957 | librespeed speedtest stats.php cross site scripting | S | |
CVE-2022-4958 | qkmc-rk redbbs Post cross site scripting | E | |
CVE-2022-4959 | qkmc-rk redbbs Nickname cross site scripting | E | |
CVE-2022-4960 | cloudfavorites favorites-web Nickname cross site scripting | E | |
CVE-2022-4961 | Weitong Mall OrderDao.xml sql injection | E | |
CVE-2022-4962 | Apollo Configuration Center users improper authorization | E | |
CVE-2022-4963 | Folio Spring Module Core Schema Name HibernateSchemaService.java dropSchema sql injection | S | |
CVE-2022-4964 | Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-reco... | E S | |
CVE-2022-4965 | The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable... | | |
CVE-2022-4966 | sequentech admin-console Election Description cross site scripting | S | |
CVE-2022-4967 | strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper valida... | S | |
CVE-2022-4968 | netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected.... | E S | |
CVE-2022-4969 | bwoodsend rockhopper Binary Parser ragged_array.c count_rows buffer overflow | S | |
CVE-2022-4971 | Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting | E | |
CVE-2022-4972 | Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export | | |
CVE-2022-4973 | WordPress Core < 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via use of the_meta(); function | S | |
CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | | |
CVE-2022-4975 | Rhacs: cross-site scripting in portal | M | |