ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-40000 | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary ... | E | |
CVE-2022-40001 | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary ... | E | |
CVE-2022-40002 | Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary ... | E | |
CVE-2022-40004 | Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to escalate p... | | |
CVE-2022-40005 | Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as... | E S | |
CVE-2022-40008 | SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at ... | E | |
CVE-2022-40009 | SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicod... | E | |
CVE-2022-40010 | Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-sit... | E | |
CVE-2022-40011 | Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows remote attackers to run arbit... | | |
CVE-2022-40016 | Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7... | E | |
CVE-2022-40021 | QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a co... | | |
CVE-2022-40022 | Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulne... | | |
CVE-2022-40023 | Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Le... | E S | |
CVE-2022-40026 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerabil... | E | |
CVE-2022-40027 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XS... | E | |
CVE-2022-40028 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XS... | E | |
CVE-2022-40029 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XS... | E | |
CVE-2022-40030 | SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerabil... | E | |
CVE-2022-40032 | SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' an... | E | |
CVE-2022-40034 | Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute ... | E | |
CVE-2022-40035 | File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary com... | E | |
CVE-2022-40036 | An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user informa... | E | |
CVE-2022-40037 | An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execu... | E | |
CVE-2022-40043 | Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalat... | E | |
CVE-2022-40044 | Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_... | E | |
CVE-2022-40047 | Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via ... | E | |
CVE-2022-40048 | Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload... | E | |
CVE-2022-40049 | SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attacker... | E | |
CVE-2022-40050 | ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /fil... | E | |
CVE-2022-40055 | An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows attackers to escalate privileges ... | | |
CVE-2022-40067 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSe... | E | |
CVE-2022-40068 | Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand.... | E | |
CVE-2022-40069 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime.... | E | |
CVE-2022-40070 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCf... | E | |
CVE-2022-40071 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName.... | E | |
CVE-2022-40072 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerMan... | E | |
CVE-2022-40073 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo.... | E | |
CVE-2022-40074 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi.... | E | |
CVE-2022-40075 | Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set... | E | |
CVE-2022-40076 | Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetB... | E | |
CVE-2022-40080 | Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call ... | E | |
CVE-2022-40082 | Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function.... | E S | |
CVE-2022-40083 | Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler... | E S | |
CVE-2022-40084 | OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference ... | E | |
CVE-2022-40087 | Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the ... | E | |
CVE-2022-40088 | Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnera... | E | |
CVE-2022-40089 | A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execu... | E | |
CVE-2022-40090 | An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause... | E S | |
CVE-2022-40091 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-40092 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-40093 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-40097 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-40098 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-40099 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-40100 | Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeC... | | |
CVE-2022-40101 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet fun... | | |
CVE-2022-40102 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function.... | | |
CVE-2022-40103 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function... | | |
CVE-2022-40104 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function.... | | |
CVE-2022-40105 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet fun... | | |
CVE-2022-40106 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function.... | | |
CVE-2022-40107 | Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formexeCommand function.... | | |
CVE-2022-40109 | TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via b... | | |
CVE-2022-40110 | TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/b... | | |
CVE-2022-40111 | In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardc... | | |
CVE-2022-40112 | TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via the hostn... | | |
CVE-2022-40113 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id p... | E | |
CVE-2022-40114 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id p... | E | |
CVE-2022-40115 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id p... | E | |
CVE-2022-40116 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search pa... | E | |
CVE-2022-40117 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id p... | E | |
CVE-2022-40118 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id p... | E | |
CVE-2022-40119 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_te... | E | |
CVE-2022-40120 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_te... | E | |
CVE-2022-40121 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search pa... | E | |
CVE-2022-40122 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id p... | E | |
CVE-2022-40123 | mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /D... | E | |
CVE-2022-40126 | A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attacke... | E | |
CVE-2022-40127 | Apache Airflow <2.4.0 has an RCE in a bash example | S | |
CVE-2022-40128 | WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-40129 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, versi... | E | |
CVE-2022-40130 | WordPress WP-Polls plugin <= 2.76.0 - Auth. Race Condition vulnerability | S | |
CVE-2022-40131 | WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-40132 | WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-40133 | There is an UAF vulnerability in vmwgfx driver | | |
CVE-2022-40134 | An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may... | S | |
CVE-2022-40135 | An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may ... | S | |
CVE-2022-40136 | An information leak vulnerability in SMI Handler used to configure platform settings over WMI in som... | S | |
CVE-2022-40137 | A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local acce... | S | |
CVE-2022-40138 | An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d1... | S | |
CVE-2022-40139 | Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Tr... | KEV S | |
CVE-2022-40140 | An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could all... | S | |
CVE-2022-40141 | A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to interce... | S | |
CVE-2022-40142 | A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend... | S | |
CVE-2022-40143 | A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Ap... | S | |
CVE-2022-40144 | A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacke... | S | |
CVE-2022-40145 | Apache Karaf: JDBC JAAS LDAP injection | | |
CVE-2022-40146 | Jar url should be blocked by DefaultScriptSecurity | | |
CVE-2022-40147 | A vulnerability has been identified in Industrial Edge Management (All versions < V1.5.1). The affec... | | |
CVE-2022-40148 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40149 | Stack Buffer Overflow in Jettison | | |
CVE-2022-40150 | Stack Buffer Overflow in Jettison | | |
CVE-2022-40151 | Stack Buffer Overflow in xstream | E | |
CVE-2022-40152 | Stack Buffer Overflow in Woodstox | E | |
CVE-2022-40153 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco... | R | |
CVE-2022-40154 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco... | R | |
CVE-2022-40155 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco... | R | |
CVE-2022-40156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco... | R | |
CVE-2022-40157 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-40158 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-40159 | Stack Overflow in JXPath | | |
CVE-2022-40160 | Stack Overflow in JXPath | | |
CVE-2022-40161 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-40162 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40163 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40164 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40167 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40168 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40169 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40170 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40171 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40172 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40173 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40174 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40175 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40176 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM3... | S | |
CVE-2022-40177 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM3... | S | |
CVE-2022-40178 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM3... | S | |
CVE-2022-40179 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM3... | S | |
CVE-2022-40180 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM3... | S | |
CVE-2022-40181 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM3... | S | |
CVE-2022-40182 | A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM3... | S | |
CVE-2022-40183 | Reflected Cross Site Scripting (XSS) in VIDEOJET multi 4000 | S | |
CVE-2022-40184 | Stored Cross Site Scripting (XSS) in VIDEOJET multi 4000 | S | |
CVE-2022-40186 | An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in th... | | |
CVE-2022-40187 | Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service ena... | E | |
CVE-2022-40188 | Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) be... | | |
CVE-2022-40189 | Apache Airflow Pig Provider RCE | S | |
CVE-2022-40190 | SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS... | | |
CVE-2022-40191 | WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-40192 | WordPress wpForo Forum plugin <= 2.0.9 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-40193 | WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-40194 | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability | S | |
CVE-2022-40195 | WordPress PCA Predict plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-40196 | Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel ... | | |
CVE-2022-40198 | WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-40199 | Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 se... | S | |
CVE-2022-40200 | WordPress wpForo Forum plugin <= 2.0.9 - Auth. Arbitrary File Upload vulnerability | S | |
CVE-2022-40201 | Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Base... | S | |
CVE-2022-40202 | The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and p... | S | |
CVE-2022-40203 | WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control | S | |
CVE-2022-40204 | A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems D... | | |
CVE-2022-40205 | WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability | S | |
CVE-2022-40206 | WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability | S | |
CVE-2022-40207 | Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authentica... | | |
CVE-2022-40208 | In Moodle, insufficient limitations in some quiz web services made it possible for students to bypas... | S | |
CVE-2022-40209 | WP Smart Import plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-40210 | Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow a... | S | |
CVE-2022-40211 | WordPress GiveWP plugin <= 2.25.1 - Cross Site Scripting (XSS) via render_dropdown vulnerability | S | |
CVE-2022-40213 | WordPress GS Testimonial Slider plugin <= 1.9.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2022-40214 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or... | R | |
CVE-2022-40215 | WordPress Tabs plugin <= 3.7.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2022-40216 | WordPress Better Messages plugin <= 1.9.10.69 - Auth. Messaging Block Bypass vulnerability | S | |
CVE-2022-40217 | WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability | S | |
CVE-2022-40218 | WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability | S | |
CVE-2022-40219 | WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-40220 | An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta Q... | E | |
CVE-2022-40221 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-40222 | An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUA... | E | |
CVE-2022-40223 | WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability | S | |
CVE-2022-40224 | A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Ind... | E | |
CVE-2022-40225 | A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4... | S | |
CVE-2022-40226 | A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions <... | S | |
CVE-2022-40227 | A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versi... | | |
CVE-2022-40228 | IBM DataPower Gateway session fixation | | |
CVE-2022-40230 | IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout whic... | S | |
CVE-2022-40231 | IBM Sterling B2B Integrator Standard Edition improper access control | S | |
CVE-2022-40232 | IBM Sterling B2B Integrator Standard Edition improper access control | S | |
CVE-2022-40233 | IBM AIX denial of service | S | |
CVE-2022-40234 | Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key i... | | |
CVE-2022-40235 | IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing ... | S | |
CVE-2022-40237 | IBM MQ for HPE NonStop denial of service | S | |
CVE-2022-40238 | A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5 | | |
CVE-2022-40242 | MegaRAC Default Credentials Vulnerability | S | |
CVE-2022-40246 | Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase. | E | |
CVE-2022-40248 | An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4 | | |
CVE-2022-40250 | Stack overflow vulnerability in SMI handler on SmmSmbiosElog. | E | |
CVE-2022-40257 | An HTML injection vulnerability exists in CERT/CC VINCE software prior to version 1.50.4 | | |
CVE-2022-40258 | Weak password hashes for Redfish & API | S | |
CVE-2022-40259 | MegaRAC Default Credentials Vulnerability | S | |
CVE-2022-40261 | SMM memory corruption vulnerability in OverClockSmiHandler SMM driver | E | |
CVE-2022-40262 | The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase. | E | |
CVE-2022-40263 | BD Totalys MultiProcessor - Hardcoded Credentials | S | |
CVE-2022-40264 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICON... | M | |
CVE-2022-40265 | Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module | | |
CVE-2022-40266 | Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series | M | |
CVE-2022-40267 | Authentication Bypass Vulnerability in Web Server Function on MELSEC Series | M | |
CVE-2022-40268 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporatio... | | |
CVE-2022-40269 | Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT... | | |
CVE-2022-40270 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40271 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40272 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40273 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-40274 | Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client at... | E | |
CVE-2022-40276 | Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any cli... | E | |
CVE-2022-40277 | Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any clien... | E | |
CVE-2022-40278 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provi... | E | |
CVE-2022-40279 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout ... | E | |
CVE-2022-40280 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provi... | | |
CVE-2022-40281 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in cu... | | |
CVE-2022-40282 | The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. Th... | E | |
CVE-2022-40284 | A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can ... | | |
CVE-2022-40287 | Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields. | | |
CVE-2022-40288 | Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via messaging functionality | | |
CVE-2022-40289 | Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality. | | |
CVE-2022-40290 | Reflected cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. | | |
CVE-2022-40291 | Cross-site request forgery (CSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC | | |
CVE-2022-40292 | Unauthenticated username enumeration in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. | | |
CVE-2022-40293 | Session fixation in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. | | |
CVE-2022-40294 | CSV Injection in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC | | |
CVE-2022-40295 | Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. | | |
CVE-2022-40296 | Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. | | |
CVE-2022-40297 | UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via S... | E | |
CVE-2022-40298 | Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a p... | | |
CVE-2022-40299 | In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local ... | E S | |
CVE-2022-40300 | Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, ... | S | |
CVE-2022-40302 | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with ... | | |
CVE-2022-40303 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with th... | S | |
CVE-2022-40304 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt... | S | |
CVE-2022-40305 | A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate th... | E | |
CVE-2022-40306 | The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) ... | E | |
CVE-2022-40307 | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c ha... | S | |
CVE-2022-40308 | Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files | | |
CVE-2022-40309 | Apache Archiva prior to 2.2.9 allows an authenticated user to delete arbitrary directories | | |
CVE-2022-40310 | WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Race Condition vulnerability | S | |
CVE-2022-40311 | WordPress Analytics Cat plugin <= 1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-40312 | WordPress GiveWP Plugin <= 2.25.1 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2022-40313 | Recursive rendering of Mustache template helpers containing user input could, in some cases, result ... | S | |
CVE-2022-40314 | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.... | S | |
CVE-2022-40315 | A limited SQL injection risk was identified in the "browse list of users" site administration page.... | S | |
CVE-2022-40316 | The H5P activity attempts report did not filter by groups, which in separate groups mode could revea... | S | |
CVE-2022-40317 | OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.... | E S | |
CVE-2022-40318 | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with ... | | |
CVE-2022-40319 | The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (... | | |
CVE-2022-40320 | cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.... | E S | |
CVE-2022-40322 | SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.... | | |
CVE-2022-40323 | SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.... | | |
CVE-2022-40324 | SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.... | | |
CVE-2022-40325 | SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262.... | | |
CVE-2022-40337 | OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary... | | |
CVE-2022-40341 | mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attack... | E | |
CVE-2022-40347 | SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone'... | E | |
CVE-2022-40348 | Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.p... | | |
CVE-2022-40352 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-40353 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-40354 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-40357 | A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerab... | E | |
CVE-2022-40358 | An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerab... | E | |
CVE-2022-40359 | Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.... | E | |
CVE-2022-40361 | Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code vi... | | |
CVE-2022-40363 | A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Z... | E S | |
CVE-2022-40365 | Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execut... | E | |
CVE-2022-40373 | Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary ... | E | |
CVE-2022-40402 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking paramet... | E | |
CVE-2022-40403 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at... | E | |
CVE-2022-40404 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at... | E | |
CVE-2022-40405 | WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via ... | | |
CVE-2022-40407 | A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute ar... | E | |
CVE-2022-40408 | FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted p... | E | |
CVE-2022-40424 | The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor insert... | E | |
CVE-2022-40425 | The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor insert... | E | |
CVE-2022-40426 | The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor insert... | E | |
CVE-2022-40427 | The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor ins... | E | |
CVE-2022-40428 | The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor insert... | E | |
CVE-2022-40429 | The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoo... | E | |
CVE-2022-40430 | The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor ins... | E | |
CVE-2022-40431 | The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor insert... | E | |
CVE-2022-40432 | The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor ins... | E | |
CVE-2022-40433 | Rejected reason: ** REJECT ** This CVE ID has been rejected by its CNA as it was not a security issu... | R | |
CVE-2022-40434 | Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.... | E | |
CVE-2022-40435 | Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site script... | E | |
CVE-2022-40438 | Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1... | E | |
CVE-2022-40439 | A memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639... | E | |
CVE-2022-40440 | mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setToolt... | E | |
CVE-2022-40443 | An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive informat... | E | |
CVE-2022-40444 | ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.... | E | |
CVE-2022-40446 | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmail... | E | |
CVE-2022-40447 | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /adm... | E | |
CVE-2022-40468 | Potential leak of left-over heap data if custom error page templates containing special non-standard... | E | |
CVE-2022-40469 | iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability... | E | |
CVE-2022-40470 | Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Fe... | E | |
CVE-2022-40471 | Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrar... | E | |
CVE-2022-40472 | ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contai... | E | |
CVE-2022-40475 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the compone... | E | |
CVE-2022-40476 | A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62.... | S | |
CVE-2022-40480 | Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue wh... | | |
CVE-2022-40482 | The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable t... | E S | |
CVE-2022-40483 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at... | E | |
CVE-2022-40484 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking paramet... | E | |
CVE-2022-40485 | Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at... | E | |
CVE-2022-40486 | TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allo... | E | |
CVE-2022-40487 | ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities v... | S | |
CVE-2022-40488 | ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).... | S | |
CVE-2022-40489 | ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows ... | E | |
CVE-2022-40490 | Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerabil... | E | |
CVE-2022-40494 | NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly ... | E | |
CVE-2022-40497 | Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authentic... | S | |
CVE-2022-40502 | Improper input validation in WLAN Host | | |
CVE-2022-40503 | Buffer over-read in Bluetooth Host. | S | |
CVE-2022-40504 | Reachable assertion in Modem | | |
CVE-2022-40505 | Buffer over-read in Modem | | |
CVE-2022-40507 | Double free in Core | | |
CVE-2022-40508 | Reachable assertion in Modem | | |
CVE-2022-40510 | Buffer copy without checking size of input in Audio. | | |
CVE-2022-40512 | Buffer over-read in WLAN Firmware. | | |
CVE-2022-40513 | Uncontrolled resource consumption in WLAN Firmware. | | |
CVE-2022-40514 | Buffer copy without checking size of input in WLAN Firmware | | |
CVE-2022-40515 | Double free in Video | | |
CVE-2022-40516 | Stack-based buffer overflow in Core | | |
CVE-2022-40517 | Stack based buffer overflow in Core | | |
CVE-2022-40518 | Buffer overread in Core | | |
CVE-2022-40519 | Buffer over-read in Core | | |
CVE-2022-40520 | Stack based buffer overflow in Core | | |
CVE-2022-40521 | Improper authorization in Modem | | |
CVE-2022-40522 | Double free in Linux Networking | | |
CVE-2022-40523 | Information exposure in Kernel | | |
CVE-2022-40524 | Buffer over-read in Modem | | |
CVE-2022-40525 | Information Exposure in Linux Networking Firmware | | |
CVE-2022-40527 | Reachable Assertion in WLAN Embedded SW | | |
CVE-2022-40529 | Improper access control in Kernel | | |
CVE-2022-40530 | Integer overflow to buffer overflow in WLAN | | |
CVE-2022-40531 | Incorrect type conversion in WLAN | | |
CVE-2022-40532 | Integer overflow or wraparound in WLAN | | |
CVE-2022-40533 | Untrusted Pointer Dereference in Core | | |
CVE-2022-40534 | Improper Validation of Array Index in Audio | | |
CVE-2022-40535 | Buffer Over-read in WLAN | | |
CVE-2022-40536 | Improper authentication in Modem | | |
CVE-2022-40537 | Improper Validation of Array Index in Bluetooth HOST | S | |
CVE-2022-40538 | Reachable assertion in Modem | | |
CVE-2022-40539 | Improper Validation of Array Index in Automotive Android OS | | |
CVE-2022-40540 | Buffer copy without checking the size of input in Linux Kernel | S | |
CVE-2022-40541 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40542 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40543 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40544 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40545 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40546 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40547 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40548 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40549 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40550 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40551 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40552 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40553 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40554 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40555 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40556 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40557 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40558 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40559 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40560 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40561 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40562 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40563 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40564 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40565 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40566 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40567 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40568 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40569 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40570 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40571 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40572 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40573 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40574 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40575 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40576 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40577 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40578 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40579 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40580 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40581 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40582 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40583 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40584 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40585 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40586 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40588 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40589 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40590 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40591 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40592 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40593 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40594 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40595 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40596 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40597 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40598 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40599 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40600 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40601 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40602 | A flaw in the Zyxel LTE3301-M209 firmware versions prior to V1.00(ABLG.6)C0 could allow a remote att... | S | |
CVE-2022-40603 | A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ZyWALL/USG series firmware ve... | | |
CVE-2022-40604 | Format String Vulnerability | S | |
CVE-2022-40605 | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted oper... | | |
CVE-2022-40606 | MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted oper... | | |
CVE-2022-40607 | IBM Spectrum Scale directory traversal | | |
CVE-2022-40608 | IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can downlo... | | |
CVE-2022-40609 | IBM SDK, Java Technology Edition code execution | | |
CVE-2022-40615 | IBM Sterling Partner Engagement Manager SQL injection | S | |
CVE-2022-40616 | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authenticatio... | | |
CVE-2022-40617 | strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugi... | | |
CVE-2022-40621 | WAVLINK Quantum D4G (WN531G3) Pass-The-Hash | E | |
CVE-2022-40622 | WAVLINK Quantum D4G (WN531G3) Session Management by IP Address | E | |
CVE-2022-40623 | WAVLINK Quantum D4G (WN531G3) CSRF | E | |
CVE-2022-40624 | pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as roo... | E | |
CVE-2022-40626 | Reflected XSS in the backurl parameter of Zabbix Frontend | S | |
CVE-2022-40628 | Remote Code Execution Vulnerability in Tacitine Firewall | S | |
CVE-2022-40629 | Sensitive Information Disclosure Vulnerability in Tacitine Firewall | S | |
CVE-2022-40630 | Improper Session Management Vulnerability in Tacitine Firewall | S | |
CVE-2022-40631 | A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3... | | |
CVE-2022-40632 | WordPress wpForo Forum plugin <= 2.0.5 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-40633 | Rittal CMC III Improper Access Control | M | |
CVE-2022-40634 | Improper Control of Dynamically-Managed Code Resources in Crafter Studio | | |
CVE-2022-40635 | Improper Control of Dynamically-Managed Code Resources in Crafter Studio | | |
CVE-2022-40636 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40637 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40638 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40639 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40640 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40641 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40642 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40643 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40644 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40645 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40646 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40647 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40648 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40649 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40650 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40651 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40652 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40653 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40654 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of An... | | |
CVE-2022-40655 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI... | | |
CVE-2022-40656 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI... | | |
CVE-2022-40657 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI... | | |
CVE-2022-40658 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI... | | |
CVE-2022-40659 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI... | | |
CVE-2022-40660 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI... | | |
CVE-2022-40661 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI... | | |
CVE-2022-40662 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI... | | |
CVE-2022-40663 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI... | | |
CVE-2022-40664 | Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher | | |
CVE-2022-40665 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40666 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40667 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40668 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40669 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2022-40671 | WordPress Rate my Post – WP Rating System plugin <= 3.3.4 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-40672 | WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-40673 | KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache... | E S | |
CVE-2022-40674 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.... | S | |
CVE-2022-40675 | Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.... | S | |
CVE-2022-40676 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2022-40677 | An improper neutralization of argument delimiters in a command ('argument injection') in Fortinet For... | S | |
CVE-2022-40678 | Insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.... | S | |
CVE-2022-40679 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in Forti... | S | |
CVE-2022-40680 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2022-40681 | An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.... | S | |
CVE-2022-40682 | An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.... | S | |
CVE-2022-40683 | A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allow an attacker to execute unauth... | S | |
CVE-2022-40684 | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.... | KEV E M | |
CVE-2022-40685 | Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an ... | S | |
CVE-2022-40686 | WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-40687 | WordPress Creative Mail plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-40688 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-40689 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-40690 | Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticat... | | |
CVE-2022-40691 | An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008... | E | |
CVE-2022-40692 | WordPress Sunshine Photo Cart Plugin <= 2.9.13 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-40693 | A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 ... | E | |
CVE-2022-40694 | WordPress News Announcement Scroll plugin <= 8.8.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-40695 | WordPress SEO Redirection Plugin plugin <= 8.9 - Multiple Cross-Site Scripting (CSRF) vulnerabilities | S | |
CVE-2022-40696 | WordPress Advanced Custom Fields Plugin 3.1.1-6.0.2 is vulnerable to Sensitive Data Exposure | S | |
CVE-2022-40697 | WordPress 3com – Asesor de Cookies para normativa española Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-40698 | WordPress Quiz And Survey Master plugin <= 7.3.10 - Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-40699 | WordPress Yet Another Stars Rating Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-40700 | Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins | S | |
CVE-2022-40701 | A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-... | E | |
CVE-2022-40702 | WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.5.2 is vulnerable to Broken Access Control | S | |
CVE-2022-40703 | CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993... | M | |
CVE-2022-40704 | A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite.... | E S | |
CVE-2022-40705 | Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP | M | |
CVE-2022-40707 | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Securit... | | |
CVE-2022-40708 | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Securit... | | |
CVE-2022-40709 | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Securit... | | |
CVE-2022-40710 | A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Age... | | |
CVE-2022-40711 | PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Adm... | E | |
CVE-2022-40712 | An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2*... | | |
CVE-2022-40713 | An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in dif... | | |
CVE-2022-40714 | An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endp... | | |
CVE-2022-40715 | An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for ... | | |
CVE-2022-40716 | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SA... | | |
CVE-2022-40717 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DI... | S | |
CVE-2022-40718 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DI... | S | |
CVE-2022-40719 | This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected insta... | S | |
CVE-2022-40720 | This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected insta... | S | |
CVE-2022-40721 | Arbitrary file upload vulnerability in php uploader... | E | |
CVE-2022-40722 | Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate. | | |
CVE-2022-40723 | Configuration-based MFA Bypass in PingID RADIUS PCV. | | |
CVE-2022-40724 | Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. | | |
CVE-2022-40725 | PingID Desktop PIN attempt lockout bypass. | | |
CVE-2022-40732 | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys drive... | | |
CVE-2022-40733 | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys drive... | | |
CVE-2022-40734 | UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.... | E | |
CVE-2022-40735 | The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain ca... | | |
CVE-2022-40736 | An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in AP4_CttsAtom::... | E | |
CVE-2022-40737 | An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_S... | E | |
CVE-2022-40738 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_Descri... | E | |
CVE-2022-40739 | Ragic, Inc. Ragic - Reflected XSS | S | |
CVE-2022-40740 | Realtek GPON router - Command Injection | S | |
CVE-2022-40741 | SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Command Injection | S | |
CVE-2022-40742 | SOFTNEXT TECHNOLOGIES CORP. Mail SQR Expert - Local File Inclusion | S | |
CVE-2022-40743 | Apache Traffic Server: Security issues with the xdebug plugin | M | |
CVE-2022-40744 | IBM Aspera Faspex cross-site scripting | S | |
CVE-2022-40745 | IBM Aspera Faspex information disclosure | | |
CVE-2022-40746 | IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticate... | S | |
CVE-2022-40747 | IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) atta... | S | |
CVE-2022-40748 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all... | | |
CVE-2022-40750 | IBM WebSphere Application Server cross-site scripting | S | |
CVE-2022-40751 | IBM UrbanCode Deploy information disclosure | S | |
CVE-2022-40752 | IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper ne... | S | |
CVE-2022-40753 | IBM InfoSphere Information Server cross-site scripting | S | |
CVE-2022-40754 | Open Redirect | S | |
CVE-2022-40755 | JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasp... | E | |
CVE-2022-40756 | If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11... | | |
CVE-2022-40757 | A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACComputeFinal function in Sams... | S | |
CVE-2022-40758 | A Buffer Access with Incorrect Length Value vulnerability in the TEE_CipherUpdate function in Samsung... | S | |
CVE-2022-40759 | A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0... | S | |
CVE-2022-40760 | A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACUpdate function in Samsung mT... | S | |
CVE-2022-40761 | The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a ... | S | |
CVE-2022-40762 | A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mT... | S | |
CVE-2022-40764 | Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk ... | E S | |
CVE-2022-40765 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) c... | KEV M | |
CVE-2022-40766 | Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1... | E | |
CVE-2022-40768 | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive inform... | S | |
CVE-2022-40769 | profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recov... | | |
CVE-2022-40770 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command ... | | |
CVE-2022-40771 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity... | S | |
CVE-2022-40772 | Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass th... | S | |
CVE-2022-40773 | Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerab... | | |
CVE-2022-40774 | An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_Stsz... | E | |
CVE-2022-40775 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAt... | E | |
CVE-2022-40777 | Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "creat... | E | |
CVE-2022-40778 | A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 a... | | |
CVE-2022-40784 | Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC cam... | | |
CVE-2022-40785 | Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.... | | |
CVE-2022-40797 | Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UP... | E | |
CVE-2022-40798 | OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the r... | E | |
CVE-2022-40799 | Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated atta... | E | |
CVE-2022-40805 | The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor ... | E | |
CVE-2022-40806 | The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inser... | E | |
CVE-2022-40807 | The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor ins... | E | |
CVE-2022-40808 | The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inser... | E | |
CVE-2022-40809 | The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inser... | | |
CVE-2022-40810 | The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoo... | | |
CVE-2022-40811 | The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor insert... | E | |
CVE-2022-40812 | The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor insert... | | |
CVE-2022-40816 | Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic ... | | |
CVE-2022-40817 | Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to ticket... | | |
CVE-2022-40824 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40825 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40826 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40827 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40828 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40829 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40830 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40831 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40832 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40833 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40834 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40835 | B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database... | E | |
CVE-2022-40839 | A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3... | E | |
CVE-2022-40840 | ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via crea... | E | |
CVE-2022-40841 | A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers... | E | |
CVE-2022-40842 | ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) ... | E | |
CVE-2022-40843 | The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / imprope... | E | |
CVE-2022-40844 | In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored... | E | |
CVE-2022-40845 | The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerabil... | E | |
CVE-2022-40846 | In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerabi... | E | |
CVE-2022-40847 | In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerabilit... | E | |
CVE-2022-40849 | ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfull... | E | |
CVE-2022-40851 | Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.... | E | |
CVE-2022-40853 | Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_sett... | E | |
CVE-2022-40854 | Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set... | E | |
CVE-2022-40855 | Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post ... | E | |
CVE-2022-40860 | Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBan... | E | |
CVE-2022-40861 | Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_00... | E | |
CVE-2022-40862 | Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNa... | E | |
CVE-2022-40864 | Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setS... | E | |
CVE-2022-40865 | Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSc... | E | |
CVE-2022-40866 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overf... | E | |
CVE-2022-40867 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overf... | E | |
CVE-2022-40868 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overf... | E | |
CVE-2022-40869 | Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function from... | E | |
CVE-2022-40870 | The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection a... | E | |
CVE-2022-40871 | Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be ad... | E | |
CVE-2022-40872 | An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0.,... | E | |
CVE-2022-40874 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentContro... | E | |
CVE-2022-40875 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo... | E | |
CVE-2022-40876 | In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, ... | E | |
CVE-2022-40877 | Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.... | E | |
CVE-2022-40878 | In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in... | E | |
CVE-2022-40879 | kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'... | E | |
CVE-2022-40881 | SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.... | E | |
CVE-2022-40884 | Bento4 1.6.0 has memory leaks via the mp4fragment.... | | |
CVE-2022-40885 | Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service.... | | |
CVE-2022-40886 | DedeCMS 5.7.98 has a file upload vulnerability in the background.... | E | |
CVE-2022-40887 | SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.... | E | |
CVE-2022-40889 | Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.... | E | |
CVE-2022-40890 | A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of servi... | E | |
CVE-2022-40895 | In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow ... | E | |
CVE-2022-40896 | A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer... | E S | |
CVE-2022-40897 | Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial... | E S | |
CVE-2022-40898 | An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote atta... | E | |
CVE-2022-40899 | An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a ... | E S | |
CVE-2022-40903 | Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repea... | | |
CVE-2022-40912 | ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (X... | E | |
CVE-2022-40916 | Tiny File Manager v2.4.7 and below is vulnerable to session fixation.... | | |
CVE-2022-40918 | Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV ... | E | |
CVE-2022-40921 | DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /... | E | |
CVE-2022-40922 | A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows att... | E | |
CVE-2022-40923 | A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows ... | E S | |
CVE-2022-40924 | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of... | E | |
CVE-2022-40925 | Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of... | E | |
CVE-2022-40926 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.... | E | |
CVE-2022-40927 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.... | E | |
CVE-2022-40928 | Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.... | E | |
CVE-2022-40929 | XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed beca... | E | |
CVE-2022-40931 | dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS).... | E S | |
CVE-2022-40932 | In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload... | E | |
CVE-2022-40933 | Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master... | E | |
CVE-2022-40934 | Online Pet Shop We App v1.0 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete... | E | |
CVE-2022-40935 | Online Pet Shop We App v1.0 is vulnerable to SQL Injection via /pet_shop/classes/Master.php?f=delete... | E | |
CVE-2022-40939 | In certain Secustation products the administrator account password can be read. This affects V2.5.5.... | E | |
CVE-2022-40942 | Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.... | E | |
CVE-2022-40943 | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.... | | |
CVE-2022-40944 | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.... | E | |
CVE-2022-40946 | On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Den... | E | |
CVE-2022-40954 | Apache Airflow Spark Provider RCE that bypasses restrictions to read arbitrary files | S | |
CVE-2022-40955 | Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC | S | |
CVE-2022-40956 | When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and acce... | | |
CVE-2022-40957 | Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially ... | | |
CVE-2022-40958 | By injecting a cookie with certain special characters, an attacker on a shared subdomain which is no... | | |
CVE-2022-40959 | During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading t... | | |
CVE-2022-40960 | Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-a... | | |
CVE-2022-40961 | During startup, a graphics driver with an unexpected name could lead to a stack-buffer overflow caus... | | |
CVE-2022-40962 | Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla ... | | |
CVE-2022-40963 | WordPress WP Page Builder plugin <= 1.2.6 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2022-40964 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allo... | S | |
CVE-2022-40965 | Delta Electronics DIAEnergie | S | |
CVE-2022-40966 | Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent at... | S | |
CVE-2022-40967 | Delta Electronics DIAEnergie | S | |
CVE-2022-40968 | WordPress 2kb Amazon Affiliates Store Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-40969 | An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUART... | E | |
CVE-2022-40970 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-40971 | Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79... | S | |
CVE-2022-40972 | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an a... | S | |
CVE-2022-40974 | Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privi... | | |
CVE-2022-40975 | WordPress Post Slider plugin <= 1.6.7 - Broken Access Control vulnerability | | |
CVE-2022-40976 | PILZ: Multiple products affected by ZipSlip | | |
CVE-2022-40977 | PILZ: PASvisu and PMI affected by ZipSlip | M | |
CVE-2022-40978 | The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijackin... | | |
CVE-2022-40979 | In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged wh... | | |
CVE-2022-40980 | A potential unauthenticated file deletion vulnerability on Trend Micro Mobile Security for Enterprise ... | | |
CVE-2022-40981 | ETIC Telecom Remote Access Server Unrestricted Upload of File with Dangerous Type | S | |
CVE-2022-40982 | Information exposure through microarchitectural state after transient execution in certain vector ex... | E M | |
CVE-2022-40983 | An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A s... | E | |
CVE-2022-40984 | Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree... | | |
CVE-2022-40985 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40986 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40987 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40988 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40989 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40990 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40991 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40992 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40993 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40994 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40995 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40996 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40997 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40998 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |
CVE-2022-40999 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | | |