ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-41000 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41001 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41002 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41003 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41004 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41005 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41006 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41007 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41008 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41009 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41010 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41011 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41012 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41013 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41014 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41015 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41016 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41017 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41018 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41019 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41020 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41021 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41022 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41023 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41024 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41025 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41026 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41027 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41028 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41029 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41030 | Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functiona... | E | |
CVE-2022-41031 | Microsoft Word Remote Code Execution Vulnerability | S | |
CVE-2022-41032 | NuGet Client Elevation of Privilege Vulnerability | S | |
CVE-2022-41033 | Windows COM+ Event System Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-41034 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2022-41035 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2022-41036 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2022-41037 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2022-41038 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2022-41039 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | | |
CVE-2022-41040 | Microsoft Exchange Server Elevation of Privilege Vulnerability | KEV E S | |
CVE-2022-41042 | Visual Studio Code Information Disclosure Vulnerability | S | |
CVE-2022-41043 | Microsoft Office Information Disclosure Vulnerability | S | |
CVE-2022-41044 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | | |
CVE-2022-41045 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | | |
CVE-2022-41047 | Microsoft ODBC Driver Remote Code Execution Vulnerability | | |
CVE-2022-41048 | Microsoft ODBC Driver Remote Code Execution Vulnerability | | |
CVE-2022-41049 | Windows Mark of the Web Security Feature Bypass Vulnerability | KEV S | |
CVE-2022-41050 | Windows Extensible File Allocation Table Elevation of Privilege Vulnerability | | |
CVE-2022-41051 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | | |
CVE-2022-41052 | Windows Graphics Component Remote Code Execution Vulnerability | | |
CVE-2022-41053 | Windows Kerberos Denial of Service Vulnerability | | |
CVE-2022-41054 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | | |
CVE-2022-41055 | Windows Human Interface Device Information Disclosure Vulnerability | | |
CVE-2022-41056 | Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability | | |
CVE-2022-41057 | Windows HTTP.sys Elevation of Privilege Vulnerability | | |
CVE-2022-41058 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | | |
CVE-2022-41060 | Microsoft Word Information Disclosure Vulnerability | | |
CVE-2022-41061 | Microsoft Word Remote Code Execution Vulnerability | | |
CVE-2022-41062 | Microsoft SharePoint Server Remote Code Execution Vulnerability | | |
CVE-2022-41063 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability | S | |
CVE-2022-41066 | Microsoft Business Central Information Disclosure Vulnerability | | |
CVE-2022-41073 | Windows Print Spooler Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-41074 | Windows Graphics Component Information Disclosure Vulnerability | | |
CVE-2022-41076 | PowerShell Remote Code Execution Vulnerability | S | |
CVE-2022-41077 | Windows Fax Compose Form Elevation of Privilege Vulnerability | | |
CVE-2022-41078 | Microsoft Exchange Server Spoofing Vulnerability | | |
CVE-2022-41079 | Microsoft Exchange Server Spoofing Vulnerability | | |
CVE-2022-41080 | Microsoft Exchange Server Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-41081 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | S | |
CVE-2022-41082 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | |
CVE-2022-41083 | Visual Studio Code Elevation of Privilege Vulnerability | S | |
CVE-2022-41085 | Azure CycleCloud Elevation of Privilege Vulnerability | | |
CVE-2022-41086 | Windows Group Policy Elevation of Privilege Vulnerability | | |
CVE-2022-41088 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | | |
CVE-2022-41089 | .NET Framework Remote Code Execution Vulnerability | S | |
CVE-2022-41090 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | | |
CVE-2022-41091 | Windows Mark of the Web Security Feature Bypass Vulnerability | KEV S | |
CVE-2022-41092 | Windows Win32k Elevation of Privilege Vulnerability | | |
CVE-2022-41093 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | | |
CVE-2022-41094 | Windows Hyper-V Elevation of Privilege Vulnerability | | |
CVE-2022-41095 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | | |
CVE-2022-41096 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | | |
CVE-2022-41097 | Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability | | |
CVE-2022-41098 | Windows GDI+ Information Disclosure Vulnerability | S | |
CVE-2022-41099 | BitLocker Security Feature Bypass Vulnerability | | |
CVE-2022-41100 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | | |
CVE-2022-41101 | Windows Overlay Filter Elevation of Privilege Vulnerability | | |
CVE-2022-41102 | Windows Overlay Filter Elevation of Privilege Vulnerability | | |
CVE-2022-41103 | Microsoft Word Information Disclosure Vulnerability | | |
CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability | | |
CVE-2022-41105 | Microsoft Excel Information Disclosure Vulnerability | | |
CVE-2022-41106 | Microsoft Excel Remote Code Execution Vulnerability | | |
CVE-2022-41107 | Microsoft Office Graphics Remote Code Execution Vulnerability | | |
CVE-2022-41109 | Windows Win32k Elevation of Privilege Vulnerability | | |
CVE-2022-41113 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | | |
CVE-2022-41114 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | | |
CVE-2022-41115 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | S | |
CVE-2022-41116 | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | | |
CVE-2022-41118 | Windows Scripting Languages Remote Code Execution Vulnerability | | |
CVE-2022-41119 | Visual Studio Remote Code Execution Vulnerability | | |
CVE-2022-41120 | Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability | | |
CVE-2022-41121 | Windows Graphics Component Elevation of Privilege Vulnerability | S | |
CVE-2022-41122 | Microsoft SharePoint Server Spoofing Vulnerability | | |
CVE-2022-41123 | Microsoft Exchange Server Elevation of Privilege Vulnerability | | |
CVE-2022-41125 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-41127 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | | |
CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability | KEV S | |
CVE-2022-41131 | Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection) | S | |
CVE-2022-41132 | WordPress Ezoic plugin <= 2.8.8 - Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability | S | |
CVE-2022-41133 | Delta Electronics DIAEnergie | S | |
CVE-2022-41134 | WordPress Optinly Plugin <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-41135 | WordPress Modula plugin <= 2.6.9 - Unauth. Plugin Settings Change vulnerability | S | |
CVE-2022-41136 | WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS | S | |
CVE-2022-41137 | Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore | S | |
CVE-2022-41138 | In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.... | E S | |
CVE-2022-41139 | MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field... | E | |
CVE-2022-41140 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2022-41141 | This vulnerability allows local attackers to escalate privileges on affected installations of Windsc... | | |
CVE-2022-41142 | This vulnerability allows remote attackers to escalate privileges on affected installations of Centr... | | |
CVE-2022-41143 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-41144 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-41145 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-41146 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-41147 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-41148 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-41149 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-41150 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-41151 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-41152 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | | |
CVE-2022-41153 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2022-41154 | A directory traversal vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUART... | E | |
CVE-2022-41155 | WordPress iQ Block Country plugin <= 1.2.18 - Block BYPASS vulnerability | S | |
CVE-2022-41156 | OndiskPlayer Remote Code Execution Vulnerability | | |
CVE-2022-41157 | ERP solution Remote Code Execution Vulnerability | | |
CVE-2022-41158 | eyoom builder Remote Code Execution Vulnerability | | |
CVE-2022-41166 | Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, Obj... | | |
CVE-2022-41167 | Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTran... | | |
CVE-2022-41168 | Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, Ca... | | |
CVE-2022-41169 | Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, Cati... | | |
CVE-2022-41170 | Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, Cati... | | |
CVE-2022-41171 | Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaT... | | |
CVE-2022-41172 | Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTran... | | |
CVE-2022-41173 | Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTransl... | | |
CVE-2022-41174 | Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (... | | |
CVE-2022-41175 | Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, ... | | |
CVE-2022-41176 | Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, em... | | |
CVE-2022-41177 | Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.... | | |
CVE-2022-41178 | Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.ig... | | |
CVE-2022-41179 | Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt,... | | |
CVE-2022-41180 | Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format ... | | |
CVE-2022-41181 | Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.... | | |
CVE-2022-41182 | Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly... | | |
CVE-2022-41183 | Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ... | | |
CVE-2022-41184 | Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur... | | |
CVE-2022-41185 | Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vd... | | |
CVE-2022-41186 | Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile ... | | |
CVE-2022-41187 | Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, O... | | |
CVE-2022-41188 | Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, Obj... | | |
CVE-2022-41189 | Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTran... | | |
CVE-2022-41190 | Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTran... | | |
CVE-2022-41191 | Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt,... | | |
CVE-2022-41192 | Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, J... | | |
CVE-2022-41193 | Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script ... | | |
CVE-2022-41194 | Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (... | | |
CVE-2022-41195 | Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File ... | | |
CVE-2022-41196 | Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x... | | |
CVE-2022-41197 | Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x... | | |
CVE-2022-41198 | Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.... | | |
CVE-2022-41199 | Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, ... | | |
CVE-2022-41200 | Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (... | | |
CVE-2022-41201 | Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (... | | |
CVE-2022-41202 | Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vd... | | |
CVE-2022-41203 | In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), a... | | |
CVE-2022-41204 | An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login... | | |
CVE-2022-41205 | SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful expl... | | |
CVE-2022-41206 | SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows a... | | |
CVE-2022-41207 | SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked... | | |
CVE-2022-41208 | Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenti... | | |
CVE-2022-41209 | SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which l... | | |
CVE-2022-41210 | SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number ge... | | |
CVE-2022-41211 | Due to lack of proper memory management, when a victim opens manipulated file received from untruste... | | |
CVE-2022-41212 | Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows... | | |
CVE-2022-41214 | Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows... | | |
CVE-2022-41215 | SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to ... | | |
CVE-2022-41216 | Cloudflow - Local File Inclusion Vulnerability | S | |
CVE-2022-41217 | Cloudflow - Unauthenticated file upload vulnerability | S | |
CVE-2022-41218 | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free ca... | E | |
CVE-2022-41220 | md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CV... | E | |
CVE-2022-41221 | The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated ... | E | |
CVE-2022-41222 | mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap l... | E S | |
CVE-2022-41223 | The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authen... | KEV | |
CVE-2022-41224 | Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component... | | |
CVE-2022-41225 | Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided b... | | |
CVE-2022-41226 | Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser t... | | |
CVE-2022-41227 | A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher... | | |
CVE-2022-41228 | A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and e... | | |
CVE-2022-41229 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configu... | | |
CVE-2022-41230 | Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpo... | | |
CVE-2022-41231 | Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to c... | | |
CVE-2022-41232 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier... | | |
CVE-2022-41233 | Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multip... | | |
CVE-2022-41234 | Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ en... | | |
CVE-2022-41235 | Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent process... | | |
CVE-2022-41236 | A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc369... | | |
CVE-2022-41237 | Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantia... | | |
CVE-2022-41238 | A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attack... | | |
CVE-2022-41239 | Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to ... | | |
CVE-2022-41240 | Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, re... | | |
CVE-2022-41241 | Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity ... | | |
CVE-2022-41242 | A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with ... | | |
CVE-2022-41243 | Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to t... | | |
CVE-2022-41244 | Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when con... | | |
CVE-2022-41245 | A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.... | | |
CVE-2022-41246 | A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allow... | | |
CVE-2022-41247 | Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its gl... | | |
CVE-2022-41248 | Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global ... | | |
CVE-2022-41249 | A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier a... | | |
CVE-2022-41250 | A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Ov... | | |
CVE-2022-41251 | A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Re... | | |
CVE-2022-41252 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow users with Overall/Read... | | |
CVE-2022-41253 | A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows... | | |
CVE-2022-41254 | Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/R... | | |
CVE-2022-41255 | Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml file... | | |
CVE-2022-41258 | Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenti... | | |
CVE-2022-41259 | SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from a... | | |
CVE-2022-41260 | SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which... | | |
CVE-2022-41261 | SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows ... | | |
CVE-2022-41262 | Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, ... | | |
CVE-2022-41263 | Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Inte... | | |
CVE-2022-41264 | Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 7... | | |
CVE-2022-41266 | Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905,... | | |
CVE-2022-41267 | SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privil... | | |
CVE-2022-41268 | In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, ... | | |
CVE-2022-41271 | An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System... | | |
CVE-2022-41272 | An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by... | | |
CVE-2022-41273 | Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1... | | |
CVE-2022-41274 | SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain miscon... | | |
CVE-2022-41275 | In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can... | | |
CVE-2022-41278 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41279 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41280 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41281 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41282 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41283 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41284 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41285 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41286 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41287 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41288 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-41290 | IBM AIX privilege escalation | S | |
CVE-2022-41291 | IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an... | S | |
CVE-2022-41294 | IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross ori... | | |
CVE-2022-41296 | IBM Db2U cross-site request forgery | | |
CVE-2022-41297 | IBM Db2U cross-site request forgery | | |
CVE-2022-41299 | IBM Cloud Transformation Advisor cross-site scripting | | |
CVE-2022-41301 | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead ... | | |
CVE-2022-41302 | An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code exe... | S | |
CVE-2022-41303 | A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerabi... | S | |
CVE-2022-41304 | An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code exe... | S | |
CVE-2022-41305 | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead ... | | |
CVE-2022-41306 | A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memo... | S | |
CVE-2022-41307 | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead ... | S | |
CVE-2022-41308 | A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead ... | | |
CVE-2022-41309 | A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead ... | S | |
CVE-2022-41310 | A maliciously crafted .dwf or .pct file when consumed through DesignReview.exe application could lead ... | S | |
CVE-2022-41311 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-... | E | |
CVE-2022-41312 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-... | E | |
CVE-2022-41313 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-... | E | |
CVE-2022-41314 | Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authentica... | | |
CVE-2022-41315 | WordPress Ezoic plugin <= 2.8.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-41316 | HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the option... | | |
CVE-2022-41317 | An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handlin... | S | |
CVE-2022-41318 | A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-... | S | |
CVE-2022-41319 | A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO)... | | |
CVE-2022-41320 | Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows... | | |
CVE-2022-41322 | In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead... | E S | |
CVE-2022-41323 | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were sub... | S | |
CVE-2022-41324 | Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allo... | | |
CVE-2022-41325 | An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers... | E S | |
CVE-2022-41326 | The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated att... | M | |
CVE-2022-41327 | A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS versio... | S | |
CVE-2022-41328 | An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-... | KEV S | |
CVE-2022-41329 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet Fo... | S | |
CVE-2022-41330 | An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting'... | S | |
CVE-2022-41331 | A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructu... | S | |
CVE-2022-41333 | An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and belo... | S | |
CVE-2022-41334 | An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS ver... | S | |
CVE-2022-41335 | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.... | S | |
CVE-2022-41336 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal... | S | |
CVE-2022-41339 | In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module a... | | |
CVE-2022-41340 | The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validati... | S | |
CVE-2022-41341 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-41342 | Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some I... | | |
CVE-2022-41343 | registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI va... | E S | |
CVE-2022-41347 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configu... | E S | |
CVE-2022-41348 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute o... | | |
CVE-2022-41349 | In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter tha... | | |
CVE-2022-41350 | In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone... | | |
CVE-2022-41351 | In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding Ja... | | |
CVE-2022-41352 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitra... | KEV E S | |
CVE-2022-41354 | An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate e... | | |
CVE-2022-41355 | Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the ... | E | |
CVE-2022-41358 | A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers ... | E | |
CVE-2022-41376 | Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerabi... | E | |
CVE-2022-41377 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id param... | E | |
CVE-2022-41378 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id param... | E | |
CVE-2022-41379 | An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of On... | E | |
CVE-2022-41380 | The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoo... | E | |
CVE-2022-41381 | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution back... | E | |
CVE-2022-41382 | The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoo... | E | |
CVE-2022-41383 | The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution bac... | E | |
CVE-2022-41384 | The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution back... | E | |
CVE-2022-41385 | The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoo... | E | |
CVE-2022-41386 | The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution back... | E | |
CVE-2022-41387 | The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoo... | E | |
CVE-2022-41390 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at downloa... | E | |
CVE-2022-41391 | OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg... | E | |
CVE-2022-41392 | A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute ar... | E | |
CVE-2022-41395 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vul... | E | |
CVE-2022-41396 | Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command inject... | E | |
CVE-2022-41397 | The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-cod... | | |
CVE-2022-41398 | The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded creden... | | |
CVE-2022-41399 | The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfis... | | |
CVE-2022-41400 | Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords a... | | |
CVE-2022-41401 | OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unau... | E | |
CVE-2022-41403 | OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the... | E | |
CVE-2022-41404 | An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers... | E | |
CVE-2022-41406 | An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management Sy... | E | |
CVE-2022-41407 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id param... | E | |
CVE-2022-41408 | Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id param... | | |
CVE-2022-41409 | Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of servi... | E S | |
CVE-2022-41412 | An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sen... | | |
CVE-2022-41413 | perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is trig... | | |
CVE-2022-41414 | An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4... | | |
CVE-2022-41415 | Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem... | E | |
CVE-2022-41416 | Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerabilit... | E | |
CVE-2022-41417 | BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data... | S | |
CVE-2022-41418 | An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NE... | S | |
CVE-2022-41419 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in... | E | |
CVE-2022-41420 | nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component... | E | |
CVE-2022-41423 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component.... | E | |
CVE-2022-41424 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in m... | E | |
CVE-2022-41425 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessF... | E | |
CVE-2022-41426 | Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStr... | E | |
CVE-2022-41427 | Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function i... | E | |
CVE-2022-41428 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function... | E | |
CVE-2022-41429 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString functio... | E S | |
CVE-2022-41430 | Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function ... | E S | |
CVE-2022-41431 | xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /ad... | E | |
CVE-2022-41432 | EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vu... | | |
CVE-2022-41433 | EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vu... | | |
CVE-2022-41434 | EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vu... | | |
CVE-2022-41435 | OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scriptin... | E S | |
CVE-2022-41436 | An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel v... | E | |
CVE-2022-41437 | Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability vi... | E | |
CVE-2022-41439 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id param... | E | |
CVE-2022-41440 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id param... | E | |
CVE-2022-41441 | Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arb... | E | |
CVE-2022-41442 | PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the setSto... | E S | |
CVE-2022-41443 | phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/s... | E | |
CVE-2022-41444 | Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.... | E | |
CVE-2022-41445 | A cross-site scripting (XSS) vulnerability in Record Management System using CodeIgniter 1.0 allows ... | E | |
CVE-2022-41446 | An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 a... | E | |
CVE-2022-41471 | 74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the r... | E | |
CVE-2022-41472 | 74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the compone... | E | |
CVE-2022-41473 | RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the S... | E | |
CVE-2022-41474 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to... | E | |
CVE-2022-41475 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to... | E | |
CVE-2022-41477 | A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability... | E | |
CVE-2022-41479 | The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.... | E | |
CVE-2022-41480 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in t... | | |
CVE-2022-41481 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in t... | | |
CVE-2022-41482 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in t... | | |
CVE-2022-41483 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in t... | | |
CVE-2022-41484 | Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buffer overflow in the 0x32384 fu... | | |
CVE-2022-41485 | Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in t... | | |
CVE-2022-41489 | WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows att... | E | |
CVE-2022-41495 | ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news... | E | |
CVE-2022-41496 | iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at... | E | |
CVE-2022-41497 | ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url para... | E | |
CVE-2022-41498 | Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id param... | E | |
CVE-2022-41500 | EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities ... | E | |
CVE-2022-41504 | An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing ... | E | |
CVE-2022-41505 | An access control issue on TP-Link Tapo C200 V1 devices allows physically proximate attackers to obt... | E | |
CVE-2022-41512 | An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnosti... | E | |
CVE-2022-41513 | Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability... | E | |
CVE-2022-41514 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-41515 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-41517 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang param... | E | |
CVE-2022-41518 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability ... | E | |
CVE-2022-41520 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2022-41521 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2022-41522 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow ... | E | |
CVE-2022-41523 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2022-41524 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2022-41525 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability ... | E | |
CVE-2022-41526 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2022-41527 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2022-41528 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow vi... | E | |
CVE-2022-41530 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-41532 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-41533 | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vuln... | E | |
CVE-2022-41534 | Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vuln... | E | |
CVE-2022-41535 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-41536 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-41537 | Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vul... | E | |
CVE-2022-41538 | Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the compone... | E | |
CVE-2022-41539 | Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the compone... | E | |
CVE-2022-41540 | The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating... | E | |
CVE-2022-41541 | TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitt... | E | |
CVE-2022-41542 | devhub 0.102.0 was discovered to contain a broken session control.... | | |
CVE-2022-41544 | GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the ... | E | |
CVE-2022-41545 | The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and pos... | | |
CVE-2022-41547 | Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion ... | E S | |
CVE-2022-41550 | GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_head... | | |
CVE-2022-41551 | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id par... | E | |
CVE-2022-41552 | Server-Side Request Forgery Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer | | |
CVE-2022-41553 | Information Exposure Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer | | |
CVE-2022-41554 | WordPress Slideshow SE Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-41555 | Delta Electronics DIAEnergie | S | |
CVE-2022-41556 | A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service ... | E S | |
CVE-2022-41558 | TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2022-41559 | TIBCO Nimbus Open Redirect Vulnerability | S | |
CVE-2022-41560 | TIBCO Nimbus Denial of Service Vulnerability | S | |
CVE-2022-41561 | TIBCO JasperReports Server RCE Vulnerability | S | |
CVE-2022-41562 | TIBCO JasperReports Server XSS Issue on Roles | S | |
CVE-2022-41563 | TIBCO JasperReports Server Stored XSS Vulnerability | S | |
CVE-2022-41564 | TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability | S | |
CVE-2022-41565 | TIBCO EBX Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2022-41566 | TIBCO EBX Add-ons Cross Site Scripting (XSS) Vulnerability | S | |
CVE-2022-41567 | TIBCO BusinessConnect Stored XSS Vulnerability | S | |
CVE-2022-41568 | LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in grou... | | |
CVE-2022-41570 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occ... | | |
CVE-2022-41571 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.... | | |
CVE-2022-41572 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplis... | | |
CVE-2022-41573 | An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of ... | | |
CVE-2022-41574 | An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers... | M | |
CVE-2022-41575 | A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 thro... | | |
CVE-2022-41576 | The rphone module has a script that can be maliciously modified. Successful exploitation of this vuln... | | |
CVE-2022-41577 | The kernel server has a vulnerability of not verifying the length of the data transferred in the use... | | |
CVE-2022-41578 | The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerabil... | | |
CVE-2022-41579 | There is an insufficient authentication vulnerability in some Huawei band products. Successful explo... | | |
CVE-2022-41580 | The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation o... | | |
CVE-2022-41581 | The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation o... | | |
CVE-2022-41582 | The security module has configuration defects. Successful exploitation of this vulnerability may affe... | | |
CVE-2022-41583 | The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successfu... | | |
CVE-2022-41584 | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerabil... | | |
CVE-2022-41585 | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerabil... | | |
CVE-2022-41586 | The communication framework module has a vulnerability of not truncating data properly. Successful ex... | | |
CVE-2022-41587 | Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may a... | | |
CVE-2022-41588 | The home screen module has a vulnerability in service logic processing. Successful exploitation of th... | | |
CVE-2022-41589 | The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling. Successful e... | | |
CVE-2022-41590 | Some smartphones have authentication-related (including session management) vulnerabilities as the s... | | |
CVE-2022-41591 | The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability ... | | |
CVE-2022-41592 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41593 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41594 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41595 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41596 | The system tool has inconsistent serialization and deserialization. Successful exploitation of this ... | S | |
CVE-2022-41597 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41598 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41599 | The system service has a vulnerability that causes incorrect return values. Successful exploitation ... | S | |
CVE-2022-41600 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41601 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41602 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41603 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge... | | |
CVE-2022-41604 | Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileg... | E | |
CVE-2022-41606 | HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact s... | | |
CVE-2022-41607 | ETIC Telecom Remote Access Server Path Traversal | S | |
CVE-2022-41608 | WordPress Asgaros Forum Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-41609 | WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability | S | |
CVE-2022-41610 | Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC befor... | | |
CVE-2022-41611 | Potential XSS on sidebar navigation | S | |
CVE-2022-41612 | WordPress Similar Posts Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-41613 | Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bo... | S | |
CVE-2022-41614 | Insufficiently protected credentials in the Intel(R) ON Event Series Android application before vers... | | |
CVE-2022-41615 | WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-41616 | WordPress Export Users Data CSV Plugin <= 2.1 is vulnerable to CSV Injection | S | |
CVE-2022-41617 | BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617 | | |
CVE-2022-41618 | WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability | S | |
CVE-2022-41619 | WordPress Image Zoom Plugin <= 1.8.8 is vulnerable to Broken Access Control | | |
CVE-2022-41620 | WordPress SeoSamba for WordPress Webmasters Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-41621 | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an a... | S | |
CVE-2022-41622 | iControl SOAP vulnerability | | |
CVE-2022-41623 | WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability | S | |
CVE-2022-41624 | BIG-IP iRules vulnerability CVE-2022-41624 | | |
CVE-2022-41625 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-41626 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-41627 | The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogr... | | |
CVE-2022-41628 | Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element so... | | |
CVE-2022-41629 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users... | S | |
CVE-2022-41633 | WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-41634 | WordPress Media Library Folders plugin <= 7.1.1 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-41635 | WordPress Advanced Shipment Tracking for WooCommerce Plugin <= 3.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-41636 | Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.... | M | |
CVE-2022-41637 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-41638 | WordPress Pop-Up Chop Chop plugin <= 2.1.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-41639 | A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in Open... | E | |
CVE-2022-41640 | WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-41642 | OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote att... | S | |
CVE-2022-41643 | WordPress Accessibility plugin <= 1.0.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-41644 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack authentication for ... | S | |
CVE-2022-41645 | Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain... | | |
CVE-2022-41646 | Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6... | | |
CVE-2022-41648 | The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTF... | M | |
CVE-2022-41649 | A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF image... | E | |
CVE-2022-41651 | Delta Electronics DIAEnergie | S | |
CVE-2022-41652 | WordPress Quiz And Survey Master plugin <= 7.3.10 - Bypass vulnerability | S | |
CVE-2022-41653 | Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attac... | S | |
CVE-2022-41654 | An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost ... | E | |
CVE-2022-41655 | WordPress Phone Orders for WooCommerce plugin <= 3.7.1 - Auth. Sensitive Data Exposure vulnerability | S | |
CVE-2022-41657 | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided dat... | S | |
CVE-2022-41658 | Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may... | | |
CVE-2022-41659 | Improper access control for some Intel Unison software may allow a privileged user to potentially en... | S | |
CVE-2022-41660 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V... | | |
CVE-2022-41661 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V... | | |
CVE-2022-41662 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V... | | |
CVE-2022-41663 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V... | | |
CVE-2022-41664 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V... | | |
CVE-2022-41665 | A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions <... | S | |
CVE-2022-41666 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversa... | | |
CVE-2022-41667 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | S | |
CVE-2022-41668 | A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user... | S | |
CVE-2022-41669 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility c... | S | |
CVE-2022-41670 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | S | |
CVE-2022-41671 | A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerab... | S | |
CVE-2022-41672 | Session still functional after user is deactivated | S | |
CVE-2022-41674 | An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames cou... | E S | |
CVE-2022-41675 | TEAM JOHNLONG SOFTWARE CO., LTD. MAILD Mail Server - Formula Injection | S | |
CVE-2022-41676 | TEAM JOHNLONG SOFTWARE CO., LTD. MAILD Mail Server - Cross-Site Scripting | S | |
CVE-2022-41677 | An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauth... | | |
CVE-2022-41678 | Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE | | |
CVE-2022-41679 | Cross-site scripting in Forma LMS version | S | |
CVE-2022-41680 | SQL Injection in Forma LMS | S | |
CVE-2022-41681 | File Upload vulnerability in Forma LMS | S | |
CVE-2022-41684 | A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsin... | E | |
CVE-2022-41685 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Integration for Szamlazz.hu & WooCommerce and Csomagpontok és szállítási címkék WooCommerce hez plugins | S | |
CVE-2022-41686 | Out-of-bound memory read and write in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading to sensitive information disclosure. The proc ... | | |
CVE-2022-41687 | Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element soft... | | |
CVE-2022-41688 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication ... | S | |
CVE-2022-41689 | Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow... | S | |
CVE-2022-41690 | Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may ... | | |
CVE-2022-41691 | BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691 | M | |
CVE-2022-41692 | WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability | S | |
CVE-2022-41693 | Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 m... | | |
CVE-2022-41694 | BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694 | M | |
CVE-2022-41695 | WordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Broken Access Control | | |
CVE-2022-41696 | CVE-2022-41696 | | |
CVE-2022-41697 | A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. ... | E | |
CVE-2022-41698 | WordPress If Menu – Visibility control for Menus plugin <= 0.16.3 - Broken Access Control | S | |
CVE-2022-41699 | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows befor... | S | |
CVE-2022-41700 | Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before ... | S | |
CVE-2022-41701 | Delta Electronics DIAEnergie | S | |
CVE-2022-41702 | Delta Electronics DIAEnergie | S | |
CVE-2022-41703 | Apache Superset: SQL injection vulnerability in adhoc clauses | | |
CVE-2022-41704 | Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input | | |
CVE-2022-41705 | Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on... | E | |
CVE-2022-41706 | Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. Thi... | E | |
CVE-2022-41707 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitiv... | E | |
CVE-2022-41708 | Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing... | E | |
CVE-2022-41709 | Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any clie... | E | |
CVE-2022-41710 | Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on an... | E | |
CVE-2022-41711 | Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on... | E | |
CVE-2022-41712 | Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is... | E | |
CVE-2022-41713 | deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an objec... | E | |
CVE-2022-41714 | fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an obje... | E | |
CVE-2022-41715 | Memory exhaustion when compiling regular expressions in regexp/syntax | S | |
CVE-2022-41716 | Unsanitized NUL in environment variables on Windows in syscall and os/exec | S | |
CVE-2022-41717 | Excessive memory growth in net/http and golang.org/x/net/http2 | S | |
CVE-2022-41718 | Rejected reason: reserved but not needed... | R | |
CVE-2022-41719 | Panic in github.com/shamaton/msgpack/v2 | E S | |
CVE-2022-41720 | Restricted file access on Windows in os and net/http | S | |
CVE-2022-41721 | Request smuggling due to improper request handling in golang.org/x/net/http2/h2c | E S | |
CVE-2022-41722 | Path traversal on Windows in path/filepath | | |
CVE-2022-41723 | Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net | S | |
CVE-2022-41724 | Panic on large handshake records in crypto/tls | S | |
CVE-2022-41725 | Excessive resource consumption in mime/multipart | S | |
CVE-2022-41726 | Rejected reason: reserved but not needed... | R | |
CVE-2022-41727 | Denial of service via crafted TIFF image in golang.org/x/image/tiff | S | |
CVE-2022-41728 | Rejected reason: reserved but not needed... | R | |
CVE-2022-41729 | Rejected reason: reserved but not needed... | R | |
CVE-2022-41730 | Rejected reason: reserved but not needed... | R | |
CVE-2022-41731 | IBM Watson Knowledge Catalog on Cloud Pak SQL injection | | |
CVE-2022-41732 | IBM Maximo information disclosure | | |
CVE-2022-41733 | IBM InfoSphere Information Server denial of service | S | |
CVE-2022-41734 | IBM Maximo Asset Management information disclosure | S | |
CVE-2022-41735 | IBM Business Process Manager cross-site scripting | S | |
CVE-2022-41736 | IBM Spectrum Scale Container Native Storage Access privilege escalation | | |
CVE-2022-41737 | IBM Spectrum Scale security bypass | | |
CVE-2022-41738 | IBM Spectrum Scale security bypass | | |
CVE-2022-41739 | IBM Spectrum Scale privilege escalation | S | |
CVE-2022-41740 | IBM Robotic Process Automation information disclosure | S | |
CVE-2022-41741 | NGINX ngx_http_mp4_module vulnerability CVE-2022-41741 | M | |
CVE-2022-41742 | NGINX ngx_http_mp4_module vulnerability CVE-2022-41742 | M | |
CVE-2022-41743 | NGINX ngx_http_hls_module vulnerability CVE-2022-41743 | M | |
CVE-2022-41744 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integ... | S | |
CVE-2022-41745 | An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create... | S | |
CVE-2022-41746 | A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the A... | S | |
CVE-2022-41747 | An improper certification validation vulnerability in Trend Micro Apex One agents could allow a loca... | S | |
CVE-2022-41748 | A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module c... | S | |
CVE-2022-41749 | An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker... | S | |
CVE-2022-41751 | Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename ... | E | |
CVE-2022-41757 | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper G... | | |
CVE-2022-41760 | An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/... | E | |
CVE-2022-41761 | An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under ... | E | |
CVE-2022-41762 | An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Ne... | E | |
CVE-2022-41763 | An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ip... | E | |
CVE-2022-41765 | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x befo... | S | |
CVE-2022-41766 | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x befo... | E S | |
CVE-2022-41767 | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x befo... | S | |
CVE-2022-41769 | Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow ... | | |
CVE-2022-41770 | BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770 | M | |
CVE-2022-41771 | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows befor... | S | |
CVE-2022-41772 | Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives con... | S | |
CVE-2022-41773 | Delta Electronics DIAEnergie | S | |
CVE-2022-41775 | Delta Electronics DIAEnergie SQL Injection | S | |
CVE-2022-41776 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users... | S | |
CVE-2022-41777 | Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of... | S | |
CVE-2022-41778 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied d... | | |
CVE-2022-41779 | Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets... | S | |
CVE-2022-41780 | F5OS CLI vulnerability CVE-2022-41780 | M | |
CVE-2022-41781 | WordPress Permalink Manager Lite plugin <= 2.2.20 - Broken Access Control vulnerability | S | |
CVE-2022-41782 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-41783 | tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a... | | |
CVE-2022-41784 | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 m... | S | |
CVE-2022-41785 | WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-41786 | WordPress WP Job Portal Plugin <= 2.0.1 is vulnerable to Broken Access Control | S | |
CVE-2022-41787 | BIG-IP DNS Express vulnerability CVE-2022-41787 | M | |
CVE-2022-41788 | WordPress Soledad premium theme <= 8.2.5 - Auth. Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-41789 | Potential XSS on default page header | S | |
CVE-2022-41790 | WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control | S | |
CVE-2022-41791 | WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability | | |
CVE-2022-41793 | An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.... | E | |
CVE-2022-41794 | A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of Open... | E | |
CVE-2022-41796 | Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and p... | | |
CVE-2022-41797 | Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android vers... | | |
CVE-2022-41798 | Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and pri... | M | |
CVE-2022-41799 | Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.... | | |
CVE-2022-41800 | Appliance mode iControl REST vulnerability | | |
CVE-2022-41801 | Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 ... | | |
CVE-2022-41802 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. | | |
CVE-2022-41803 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-41804 | Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors ma... | | |
CVE-2022-41805 | WordPress Booster for WooCommerce plugin <= 5.6.6 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-41806 | BIG-IP AFM NAT64 Policy Vulnerability CVE-2022-41806 | M | |
CVE-2022-41807 | Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which ma... | M | |
CVE-2022-41808 | Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12... | S | |
CVE-2022-41809 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or... | R | |
CVE-2022-41810 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or... | R | |
CVE-2022-41811 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or... | R | |
CVE-2022-41812 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or... | R | |
CVE-2022-41813 | BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813 | M | |
CVE-2022-41814 | Potential XSS in history view | S | |
CVE-2022-41828 | In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0... | S | |
CVE-2022-41830 | Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a r... | M | |
CVE-2022-41831 | WordPress Glossary Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-41832 | BIG-IP SIP vulnerability CVE-2022-41832 | M | |
CVE-2022-41833 | BIG-IP iRule vulnerability CVE-2022-41833 | M | |
CVE-2022-41834 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-41835 | F5OS vulnerability CVE-2022-41835 | | |
CVE-2022-41836 | BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836 | M | |
CVE-2022-41837 | An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality ... | E | |
CVE-2022-41838 | A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Proje... | E | |
CVE-2022-41839 | WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability | S | |
CVE-2022-41840 | WordPress Welcart eCommerce plugin <= 2.7.7 - Unauth. Directory Traversal vulnerability | S | |
CVE-2022-41841 | An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::... | E | |
CVE-2022-41842 | An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.... | E S | |
CVE-2022-41843 | An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a di... | E | |
CVE-2022-41844 | An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpd... | E S | |
CVE-2022-41845 | An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function A... | E | |
CVE-2022-41846 | An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function A... | E | |
CVE-2022-41847 | An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(... | E | |
CVE-2022-41848 | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resul... | | |
CVE-2022-41849 | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant... | | |
CVE-2022-41850 | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condi... | | |
CVE-2022-41851 | A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All... | S | |
CVE-2022-41852 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-41853 | Remote code execution in HyperSQL DataBase | | |
CVE-2022-41854 | Stack Overflow in Snakeyaml | E | |
CVE-2022-41855 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-41856 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-41857 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-41858 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in... | S | |
CVE-2022-41859 | In freeradius, the EAP-PWD function compute_password_element() leaks information about the password ... | S | |
CVE-2022-41860 | In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look t... | S | |
CVE-2022-41861 | A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinar... | S | |
CVE-2022-41862 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establi... | | |
CVE-2022-41870 | AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified ser... | | |
CVE-2022-41871 | SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker... | | |
CVE-2022-41873 | Out-of-bounds read and write in BLE L2CAP module | S | |
CVE-2022-41874 | Tauri Filesystem Scope can be Partially Bypassed | S | |
CVE-2022-41875 | Remote Code Execution in Optica | | |
CVE-2022-41876 | ezplatform-graphql GraphQL queries can expose password hashes | | |
CVE-2022-41877 | Missing input length validation in `drive` channel in FreeRDP | S | |
CVE-2022-41878 | Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers | | |
CVE-2022-41879 | Parse Server subject to Prototype pollution via Cloud Code Webhooks | | |
CVE-2022-41880 | ThreadUnsafeUnigramCandidateSampler Heap out of bounds in Tensorflow | E S | |
CVE-2022-41881 | Netty project is an event-driven asynchronous network application framework. In versions prior to 4.... | E | |
CVE-2022-41882 | Nextcloud Desktop vulnerable to code injection via malicious link | S | |
CVE-2022-41883 | Out of bounds segmentation fault due to unequal op inputs in Tensorflow | E S | |
CVE-2022-41884 | Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow | E S | |
CVE-2022-41885 | Overflow in `FusedResizeAndPadConv2D` in Tensorflow | E S | |
CVE-2022-41886 | Overflow in `ImageProjectiveTransformV2` in Tensorflow | E S | |
CVE-2022-41887 | Overflow in `tf.keras.losses.poisson` in Tensorflow | E S | |
CVE-2022-41888 | Unchecked rank size in `tf.image.generate_bounding_box_proposals` in Tensorflow | E S | |
CVE-2022-41889 | Segfault via invalid attributes in `pywrap_tfe_src.cc` in Tensorflow | E S | |
CVE-2022-41890 | `CHECK` fail in `BCast` overflow in Tensorflow | E S | |
CVE-2022-41891 | Segfault in `tf.raw_ops.TensorListConcat` in Tensorflow | E S | |
CVE-2022-41892 | Arches vulnerable to SQL Injection | S | |
CVE-2022-41893 | `CHECK_EQ` fail in `tf.raw_ops.TensorListResize` in Tensorflow | E S | |
CVE-2022-41894 | Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite | E S | |
CVE-2022-41895 | `MirrorPadGrad` heap out of bounds read in Tensorflow | E S | |
CVE-2022-41896 | `tf.raw_ops.Mfcc` crashes in Tensorflow | E S | |
CVE-2022-41897 | `FractionalMaxPoolGrad` Heap out of bounds read in Tensorflow | E S | |
CVE-2022-41898 | `CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow | E S | |
CVE-2022-41899 | `CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow | E S | |
CVE-2022-41900 | FractionalMaxPool and FractionalAVGPool heap out-of-bounds access in Tensorflow | E S | |
CVE-2022-41901 | `CHECK_EQ` fail via input in `SparseMatrixNNZ` in Tensorflow | E S | |
CVE-2022-41902 | Out of bounds write in grappler in Tensorflow | S | |
CVE-2022-41903 | Integer overflow in `git archive`, `git log --format` leading to RCE in git | S | |
CVE-2022-41904 | Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions | | |
CVE-2022-41905 | wsgidav is vulnerable to Cross-Site Scripting (XSS) when directory browsing is enabled | S | |
CVE-2022-41906 | OpenSearch Notifications is vulnerable to Server-Side Request Forgery (SSRF) | S | |
CVE-2022-41907 | Overflow in `ResizeNearestNeighborGrad` in Tensorflow | E S | |
CVE-2022-41908 | `CHECK` fail via inputs in `PyFunc` in Tensorflow | E S | |
CVE-2022-41909 | Segfault in `CompositeTensorVariantToComponents` in Tensorflow | E S | |
CVE-2022-41910 | Heap out of bounds read in `QuantizeAndDequantizeV2` in Tensorflow | S | |
CVE-2022-41911 | Invalid char to bool conversion when printing a tensor in Tensorflow | S | |
CVE-2022-41912 | crewjam/saml go library is vulnerable to signature bypass via multiple Assertion elements | S | |
CVE-2022-41913 | Discourse-calendar exposes members of hidden groups | S | |
CVE-2022-41914 | Non-constant-time SCIM token comparison in Zulip Server | S | |
CVE-2022-41915 | Netty project is an event-driven asynchronous network application framework. Starting in version 4.1... | E S | |
CVE-2022-41916 | Read one byte past a buffer when normalizing Unicode | | |
CVE-2022-41917 | Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch | S | |
CVE-2022-41918 | Issue with fine-grained access control of indices backing data streams | S | |
CVE-2022-41919 | Fastify vulnerable to Cross-Site Request Forgery (CSRF) attack via incorrect content type | S | |
CVE-2022-41920 | Zip slip in Lancet | E S | |
CVE-2022-41921 | Discourse chat messages should have a maximum character limit | S | |
CVE-2022-41922 | yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input | S | |
CVE-2022-41923 | Grails Spring Security Core plugin vulnerable to privilege escalation | S | |
CVE-2022-41924 | Tailscale Windows daemon is vulnerable to RCE via CSRF | E | |
CVE-2022-41925 | Tailscale daemon is vulnerable to information disclosure via CSRF | E | |
CVE-2022-41926 | Nextcloud Talk Android broadcast incorrect permission handling | S | |
CVE-2022-41927 | XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags | S | |
CVE-2022-41928 | XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml | E S | |
CVE-2022-41929 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore | E S | |
CVE-2022-41930 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users | E S | |
CVE-2022-41931 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui | E S | |
CVE-2022-41932 | Creation of new database tables through login form on PostgreSQL | S | |
CVE-2022-41933 | Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default | S | |
CVE-2022-41934 | Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui | E S | |
CVE-2022-41935 | Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui | E S | |
CVE-2022-41936 | Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server | S | |
CVE-2022-41937 | Missing Authorization in XWiki Platform | S | |
CVE-2022-41938 | Cross site scripting vulnerability with discussion titles in flarum | S | |
CVE-2022-41939 | Credential exposure when running third-party builders in knative/func | E S | |
CVE-2022-41940 | Uncaught exception in engine.io | E S | |
CVE-2022-41941 | glpi contains XSS Stored inside Standard Interface Help Link href attribute | | |
CVE-2022-41942 | Sourcegraph vulnerable to Command Injection via gitserver | S | |
CVE-2022-41943 | Incorrect default permissions found in Sourcegraph | S | |
CVE-2022-41944 | Discourse users can see notifications for topics they no longer have access to | S | |
CVE-2022-41945 | Remote Code Execution (RCE) vulnerability in super-xray via URL input | E | |
CVE-2022-41946 | TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc | E S | |
CVE-2022-41947 | Cross-site Scripting with user-uploaded files in dhis2-core | M | |
CVE-2022-41948 | Privilege Chaining with the user admin role in dhis2-core | | |
CVE-2022-41949 | Semi-blind Server-Side Request Forgery in dhis2-core | S | |
CVE-2022-41950 | Privilege Escalation Vulnerability by wrong chmod param | E | |
CVE-2022-41951 | OroPlatform vulnerable to path traversal during temporary file manipulations | S | |
CVE-2022-41952 | Uncontrolled Resource Consumption in Matrix Synapse | S | |
CVE-2022-41953 | Git clone remote code execution vulnerability in git-for-windows | S | |
CVE-2022-41954 | Temporary File Information Disclosure Vulnerability | | |
CVE-2022-41955 | Autolab is vulnerable to remote code execution (RCE) via MOSS functionality | | |
CVE-2022-41956 | Autolab is vulnerable to file disclosure via remote handin feature | | |
CVE-2022-41957 | muhammara vulnerable to Unchecked Return Value to NULL Pointer Dereference | S | |
CVE-2022-41958 | Deserialization Vulnerability by yaml config input in super-xray | E S | |
CVE-2022-41960 | BigBlueButton contains DoS via failed authToken validation | | |
CVE-2022-41961 | BigBlueButton subject to Ineffective user bans | S | |
CVE-2022-41962 | BigBlueButton contains Incorrect Authorization for setting emoji status | S | |
CVE-2022-41963 | BigBlueButton contains Improper Preservation of Permissions for whiteboard | S | |
CVE-2022-41964 | BigBlueButton contains Response leaks in anonymous polls | S | |
CVE-2022-41965 | Opencast Authenticated OpenRedirect Vulnerability | S | |
CVE-2022-41966 | XStream Denial of Service via stack overflow | E M | |
CVE-2022-41967 | Improper Restriction of XML External Entity Reference in Dragonfly | S | |
CVE-2022-41968 | Nextcloud Server's calendar name length not validated before writing to database | S | |
CVE-2022-41969 | Nextcloud Server has no password length limit when creating a user as an administrator | S | |
CVE-2022-41970 | Nextcloud Server's disabled download shares still allow download through preview images | S | |
CVE-2022-41971 | Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation | | |
CVE-2022-41972 | Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module | S | |
CVE-2022-41973 | multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploi... | E | |
CVE-2022-41974 | multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploi... | E | |
CVE-2022-41975 | RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege esc... | | |
CVE-2022-41976 | A privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote att... | E | |
CVE-2022-41977 | An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string... | E | |
CVE-2022-41978 | WordPress Zoho CRM Lead Magnet plugin <= 1.7.5.8 - Auth. Arbitrary Options Update vulnerability | | |
CVE-2022-41979 | Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authentica... | S | |
CVE-2022-41980 | WordPress Mantenimiento web plugin <= 0.13 - Auth. Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-41981 | A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3... | E | |
CVE-2022-41982 | Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 m... | | |
CVE-2022-41983 | BIG-IP TMM Vulnerability CVE-2022-41983 | M | |
CVE-2022-41984 | Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition ... | | |
CVE-2022-41985 | An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded... | E S | |
CVE-2022-41986 | Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an... | | |
CVE-2022-41987 | WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-41988 | An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality o... | E | |
CVE-2022-41989 | CVE-2022-41989 | M | |
CVE-2022-41990 | WordPress 3D Tag Cloud Plugin <= 3.8 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-41991 | A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Sirett... | E | |
CVE-2022-41992 | A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionalit... | E | |
CVE-2022-41993 | Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote ... | | |
CVE-2022-41994 | Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2... | | |
CVE-2022-41995 | WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Broken Access Control | | |
CVE-2022-41996 | WordPress Avada premium theme <= 7.8.1 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-41997 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-41998 | Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated ... | S | |
CVE-2022-41999 | A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO... | E |