ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-44000 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications ... | E | |
CVE-2022-44001 | An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORB... | E | |
CVE-2022-44002 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of use... | | |
CVE-2022-44003 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-suppl... | E | |
CVE-2022-44004 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authenti... | E | |
CVE-2022-44005 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verif... | E | |
CVE-2022-44006 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization... | E | |
CVE-2022-44007 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session... | E | |
CVE-2022-44008 | An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary loca... | E | |
CVE-2022-44009 | Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions i... | | |
CVE-2022-44010 | An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP requ... | | |
CVE-2022-44011 | An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to... | | |
CVE-2022-44012 | An issue was discovered in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in... | E | |
CVE-2022-44013 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API c... | E | |
CVE-2022-44014 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user i... | E | |
CVE-2022-44015 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL que... | E | |
CVE-2022-44016 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary... | E | |
CVE-2022-44017 | An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session managemen... | E | |
CVE-2022-44018 | In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can c... | | |
CVE-2022-44019 | In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metach... | E | |
CVE-2022-44020 | An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changi... | S | |
CVE-2022-44022 | PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging... | E | |
CVE-2022-44023 | PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leverag... | E | |
CVE-2022-44024 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scri... | | |
CVE-2022-44025 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scri... | | |
CVE-2022-44026 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scri... | | |
CVE-2022-44027 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scri... | | |
CVE-2022-44028 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scri... | | |
CVE-2022-44029 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scri... | | |
CVE-2022-44030 | Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to... | S | |
CVE-2022-44031 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to im... | | |
CVE-2022-44032 | An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a rac... | | |
CVE-2022-44033 | An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a rac... | | |
CVE-2022-44034 | An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a rac... | | |
CVE-2022-44036 | In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file uploa... | E | |
CVE-2022-44037 | An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA... | E | |
CVE-2022-44038 | Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerabilit... | E | |
CVE-2022-44039 | Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is... | E | |
CVE-2022-44048 | The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor insert... | | |
CVE-2022-44049 | The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inse... | | |
CVE-2022-44050 | The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor ... | | |
CVE-2022-44051 | The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inser... | | |
CVE-2022-44052 | The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inser... | | |
CVE-2022-44053 | The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor ... | | |
CVE-2022-44054 | The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserte... | | |
CVE-2022-44069 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.... | E | |
CVE-2022-44070 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles.... | E | |
CVE-2022-44071 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via profile.... | E | |
CVE-2022-44073 | Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts.... | E | |
CVE-2022-44079 | pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via... | E | |
CVE-2022-44081 | Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail.... | E | |
CVE-2022-44087 | ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the comp... | E | |
CVE-2022-44088 | ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the comp... | E | |
CVE-2022-44089 | ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the comp... | E | |
CVE-2022-44096 | Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows att... | E | |
CVE-2022-44097 | Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attac... | E | |
CVE-2022-44108 | pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(O... | E | |
CVE-2022-44109 | pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFi... | E | |
CVE-2022-44117 | Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: this is disputed by multiple third... | | |
CVE-2022-44118 | dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.... | | |
CVE-2022-44120 | dedecmdv6 6.1.9 is vulnerable to SQL Injection via sys_sql_query.php.... | | |
CVE-2022-44136 | Zenario CMS 9.3.57186 is vulnerable to Remote Code Execution (RCE).... | E | |
CVE-2022-44137 | SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection.... | E | |
CVE-2022-44139 | Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.... | E | |
CVE-2022-44140 | Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.h... | E | |
CVE-2022-44147 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-16891. Reason: This candidat... | R | |
CVE-2022-44149 | The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS ... | E | |
CVE-2022-44151 | Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.... | E | |
CVE-2022-44153 | Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2022-44156 | Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.... | E | |
CVE-2022-44158 | Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function set_device_name.... | E | |
CVE-2022-44163 | Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.... | E | |
CVE-2022-44167 | Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer.... | E | |
CVE-2022-44168 | Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.... | E | |
CVE-2022-44169 | Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.... | E | |
CVE-2022-44171 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function form_fast_setting_wifi_set.... | | |
CVE-2022-44172 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function R7WebsSecurityHandler.... | | |
CVE-2022-44174 | Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.... | | |
CVE-2022-44175 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.... | | |
CVE-2022-44176 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic.... | | |
CVE-2022-44177 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart.... | | |
CVE-2022-44178 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsOOB.... | | |
CVE-2022-44180 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.... | | |
CVE-2022-44183 | Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.... | | |
CVE-2022-44184 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_s... | E | |
CVE-2022-44186 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_... | E | |
CVE-2022-44187 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.... | E | |
CVE-2022-44188 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_ban... | E | |
CVE-2022-44190 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering.... | E | |
CVE-2022-44191 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.... | E | |
CVE-2022-44193 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: startho... | E | |
CVE-2022-44194 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_d... | E | |
CVE-2022-44196 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.... | E | |
CVE-2022-44197 | Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.... | E | |
CVE-2022-44198 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1.... | E | |
CVE-2022-44199 | Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.... | E | |
CVE-2022-44200 | Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri... | E | |
CVE-2022-44201 | D-Link DIR823G 1.02B05 is vulnerable to Command Injection.... | E | |
CVE-2022-44202 | D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.... | E | |
CVE-2022-44204 | D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.... | E | |
CVE-2022-44211 | In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices'... | | |
CVE-2022-44212 | In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.... | | |
CVE-2022-44213 | ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting ... | E | |
CVE-2022-44215 | There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to ... | E | |
CVE-2022-44216 | Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of a... | S | |
CVE-2022-44232 | libming 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may le... | | |
CVE-2022-44235 | Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) is vulnerable to... | E | |
CVE-2022-44236 | Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) has a Weak passw... | E | |
CVE-2022-44244 | An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administ... | E | |
CVE-2022-44249 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in t... | E | |
CVE-2022-44250 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in t... | E | |
CVE-2022-44251 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the s... | E | |
CVE-2022-44252 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in t... | E | |
CVE-2022-44253 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter i... | E | |
CVE-2022-44254 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter t... | E | |
CVE-2022-44255 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main func... | E | |
CVE-2022-44256 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter l... | E | |
CVE-2022-44257 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter p... | E | |
CVE-2022-44258 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter c... | E | |
CVE-2022-44259 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter w... | E | |
CVE-2022-44260 | TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter s... | E | |
CVE-2022-44261 | Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2022-44262 | ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).... | E | |
CVE-2022-44263 | Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control.... | | |
CVE-2022-44264 | Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.... | | |
CVE-2022-44267 | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resiz... | E | |
CVE-2022-44268 | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for ... | E | |
CVE-2022-44276 | In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE.... | E S | |
CVE-2022-44277 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f... | E | |
CVE-2022-44278 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/man... | E | |
CVE-2022-44279 | Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/cre... | E | |
CVE-2022-44280 | Automotive Shop Management System v1.0 is vulnerable to arbitrary file deletion via /asms/classes/Master.php... | E | |
CVE-2022-44283 | AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.... | E | |
CVE-2022-44284 | Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2022-44289 | Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell.... | E | |
CVE-2022-44290 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in dele... | E | |
CVE-2022-44291 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phas... | E | |
CVE-2022-44294 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services... | E | |
CVE-2022-44295 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_... | E | |
CVE-2022-44296 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_... | E | |
CVE-2022-44297 | SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background.... | E | |
CVE-2022-44298 | SiteServer CMS 7.1.3 is vulnerable to SQL Injection.... | E | |
CVE-2022-44299 | SiteServerCMS 7.1.3 sscms has a file read vulnerability.... | E | |
CVE-2022-44303 | Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could... | E | |
CVE-2022-44310 | In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the... | E | |
CVE-2022-44311 | html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the function static void elm_clos... | E | |
CVE-2022-44312 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceInteger ... | E | |
CVE-2022-44313 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceUnsigned... | E | |
CVE-2022-44314 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrncpy function i... | E | |
CVE-2022-44315 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionAssign functio... | E | |
CVE-2022-44316 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexGetStringConstant fun... | E | |
CVE-2022-44317 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in... | E | |
CVE-2022-44318 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in... | E | |
CVE-2022-44319 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioBasePrintf function... | E | |
CVE-2022-44320 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the ExpressionCoerceFP funct... | E | |
CVE-2022-44321 | PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the LexSkipComment function ... | E | |
CVE-2022-44343 | CRMEB 4.4.4 is vulnerable to Any File download.... | | |
CVE-2022-44345 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/v... | E | |
CVE-2022-44347 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquirie... | E | |
CVE-2022-44348 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_... | E | |
CVE-2022-44349 | NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2022-44351 | Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/con... | E | |
CVE-2022-44354 | SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file.... | E | |
CVE-2022-44355 | SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.... | E | |
CVE-2022-44356 | WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325... | E | |
CVE-2022-44361 | An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/... | E | |
CVE-2022-44362 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.... | E | |
CVE-2022-44363 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo.... | | |
CVE-2022-44365 | Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.... | E | |
CVE-2022-44366 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo.... | E | |
CVE-2022-44367 | Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.... | E | |
CVE-2022-44368 | NASM v2.16 was discovered to contain a null pointer dereference in the NASM component... | E | |
CVE-2022-44369 | NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.... | E | |
CVE-2022-44370 | NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/n... | E | |
CVE-2022-44371 | hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).... | E | |
CVE-2022-44373 | A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R... | E | |
CVE-2022-44378 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_me... | E | |
CVE-2022-44379 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f... | E | |
CVE-2022-44380 | Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.... | E | |
CVE-2022-44381 | Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response ... | E | |
CVE-2022-44384 | An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code ... | E | |
CVE-2022-44387 | EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic ... | | |
CVE-2022-44389 | EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit A... | | |
CVE-2022-44390 | A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute ar... | | |
CVE-2022-44393 | Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services... | E | |
CVE-2022-44399 | Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at ... | E | |
CVE-2022-44400 | Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin... | E | |
CVE-2022-44401 | Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /t... | E | |
CVE-2022-44402 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f... | E | |
CVE-2022-44403 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/man... | E | |
CVE-2022-44411 | Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, ... | E M | |
CVE-2022-44413 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/mana... | E | |
CVE-2022-44414 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manag... | E | |
CVE-2022-44415 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view... | E | |
CVE-2022-44419 | In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LT... | | |
CVE-2022-44420 | In modem, there is a possible missing verification of HashMME value in Security Mode Command. This c... | | |
CVE-2022-44421 | In wlan driver, there is a possible missing permission check. This could lead to local In wlan drive... | | |
CVE-2022-44422 | In music service, there is a missing permission check. This could lead to local denial of service in... | | |
CVE-2022-44423 | In music service, there is a missing permission check. This could lead to local denial of service in... | | |
CVE-2022-44424 | In music service, there is a missing permission check. This could lead to local denial of service in... | | |
CVE-2022-44425 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44426 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44427 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44428 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44429 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44430 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44431 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44432 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44433 | In phoneEx service, there is a possible missing permission check. This could lead to local escalatio... | | |
CVE-2022-44434 | In messaging service, there is a missing permission check. This could lead to local denial of servic... | | |
CVE-2022-44435 | In messaging service, there is a missing permission check. This could lead to local denial of servic... | | |
CVE-2022-44436 | In messaging service, there is a missing permission check. This could lead to local denial of servic... | | |
CVE-2022-44437 | In messaging service, there is a missing permission check. This could lead to local denial of servic... | | |
CVE-2022-44438 | In messaging service, there is a missing permission check. This could lead to local denial of servic... | | |
CVE-2022-44439 | In messaging service, there is a missing permission check. This could lead to local denial of servic... | | |
CVE-2022-44440 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44441 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44442 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44443 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44444 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44445 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44446 | In wlan driver, there is a possible missing bounds check. This could lead to local denial of service... | | |
CVE-2022-44447 | In wlan driver, there is a possible null pointer dereference issue due to a missing bounds check. Th... | | |
CVE-2022-44448 | In wlan driver, there is a possible missing params check. This could lead to local denial of service... | | |
CVE-2022-44449 | Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows a remote a... | | |
CVE-2022-44450 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-44451 | A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Bab... | E | |
CVE-2022-44452 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-44454 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-44455 | The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. | | |
CVE-2022-44456 | CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute... | S | |
CVE-2022-44457 | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), M... | S | |
CVE-2022-44462 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44463 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44465 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44466 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44467 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44468 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44469 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44470 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44471 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44473 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44474 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44488 | AEM URL Redirection to Untrusted Site Security feature bypass | | |
CVE-2022-44498 | Adobe Illustrator Out-of-Bound Read Memory leak | S | |
CVE-2022-44499 | Adobe Illustrator Out-of-Bound Read Memory leak | S | |
CVE-2022-44500 | Adobe Illustrator Out-of-Bound Read Memory leak | S | |
CVE-2022-44502 | Adobe Illustrator Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2022-44510 | AEM Reflected XSS Arbitrary code execution | | |
CVE-2022-44512 | Acrobat Reader: Out-of-bounds Write (CWE-787) | | |
CVE-2022-44513 | Acrobat Reader: Out-of-bounds Write (CWE-787) | | |
CVE-2022-44514 | Acrobat Reader: Use After Free (CWE-416) | | |
CVE-2022-44515 | Acrobat Reader: Out-of-bounds Read (CWE-125) | | |
CVE-2022-44516 | Acrobat Reader: Out-of-bounds Read (CWE-125) | | |
CVE-2022-44517 | Acrobat Reader: Out-of-bounds Read (CWE-125) | | |
CVE-2022-44518 | Acrobat Reader: Use After Free (CWE-416) | | |
CVE-2022-44519 | Acrobat Reader: Use After Free (CWE-416) | | |
CVE-2022-44520 | Acrobat Reader: Use After Free (CWE-416) | | |
CVE-2022-44532 | An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command lin... | | |
CVE-2022-44533 | A vulnerability in the Aruba EdgeConnect Enterprise web management interface allows remote authentic... | | |
CVE-2022-44534 | A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allo... | M | |
CVE-2022-44535 | A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-based management interface allo... | M | |
CVE-2022-44536 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2022-44537 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2022-44538 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2022-44539 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2022-44540 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2022-44541 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2022-44542 | lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of dese... | S | |
CVE-2022-44543 | The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creati... | | |
CVE-2022-44544 | Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 po... | | |
CVE-2022-44546 | The kernel module has the vulnerability that the mapping is not cleared after the memory is automati... | | |
CVE-2022-44547 | The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability ma... | | |
CVE-2022-44548 | There is a vulnerability in permission verification during the Bluetooth pairing process. Successful... | | |
CVE-2022-44549 | The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnera... | | |
CVE-2022-44550 | The graphics display module has a UAF vulnerability when traversing graphic layers. Successful explo... | | |
CVE-2022-44551 | The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerabil... | | |
CVE-2022-44552 | The lock screen module has defects introduced in the design process. Successful exploitation of this... | | |
CVE-2022-44553 | The HiView module has a vulnerability of not filtering third-party apps out when the HiView module t... | | |
CVE-2022-44554 | The power module has a vulnerability in permission verification. Successful exploitation of this vul... | | |
CVE-2022-44555 | The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability... | | |
CVE-2022-44556 | Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability m... | | |
CVE-2022-44557 | The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on ... | | |
CVE-2022-44558 | The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitatio... | | |
CVE-2022-44559 | The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitatio... | | |
CVE-2022-44560 | The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnera... | | |
CVE-2022-44561 | The preset launcher module has a permission verification vulnerability. Successful exploitation of t... | | |
CVE-2022-44562 | The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful... | | |
CVE-2022-44563 | There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerab... | | |
CVE-2022-44564 | Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow ... | | |
CVE-2022-44565 | An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airF... | S | |
CVE-2022-44566 | A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1... | E S | |
CVE-2022-44567 | A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker... | | |
CVE-2022-44569 | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter... | | |
CVE-2022-44570 | A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefull... | S | |
CVE-2022-44571 | There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed... | S | |
CVE-2022-44572 | A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4... | | |
CVE-2022-44574 | An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthen... | | |
CVE-2022-44575 | A vulnerability has been identified in PLM Help Server V4.2 (All versions). A reflected cross-site s... | | |
CVE-2022-44576 | WordPress AgentEasy Properties plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-44577 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-44578 | WordPress Owl Carousel plugin <= 0.5.3 - Broken Access Control vulnerability | | |
CVE-2022-44580 | WordPress Plugin for Google Reviews Plugin <= 2.2.3 is vulnerable to SQL Injection | S | |
CVE-2022-44581 | WordPress Defender Security plugin <= 3.3.2 - Broken Authentication vulnerability | S | |
CVE-2022-44582 | WordPress Apptivo Business Site CRM Plugin <= 3.0.12 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-44583 | WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Download vulnerability | S | |
CVE-2022-44584 | WordPress WatchTowerHQ plugin <= 3.6.15 - Unauth. Arbitrary File Deletion vulnerability | S | |
CVE-2022-44585 | WordPress Homepage Pop-up Plugin <= 1.2.5 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-44586 | WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-44587 | WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability | S | |
CVE-2022-44588 | WordPress Cryptocurrency Widgets Pack Plugin <=1.8.1 is vulnerable to SQL Injection | | |
CVE-2022-44589 | WordPress miniOrange's Google Authenticator Plugin <= 5.6.1 is vulnerable to Sensitive Data Exposure | S | |
CVE-2022-44590 | WordPress Simple Video Embedder plugin <= 2.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-44591 | WordPress Anthologize plugin <= 0.8.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-44593 | WordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerability | S | |
CVE-2022-44594 | WordPress All in One Time Clock Lite Plugin <= 1.3.320 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-44595 | WordPress WP2FA plugin <= 2.2.0 - Broken Authentication vulnerability | S | |
CVE-2022-44606 | OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107... | | |
CVE-2022-44607 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-44608 | Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a rem... | | |
CVE-2022-44609 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-44610 | Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated u... | S | |
CVE-2022-44611 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged u... | | |
CVE-2022-44612 | Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an... | | |
CVE-2022-44613 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-44614 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-44617 | A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some par... | S | |
CVE-2022-44618 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-44619 | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow ... | S | |
CVE-2022-44620 | Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.... | | |
CVE-2022-44621 | Apache Kylin: Command injection by Diagnosis Controller | S | |
CVE-2022-44622 | In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health ... | | |
CVE-2022-44623 | In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in th... | | |
CVE-2022-44624 | In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log ... | | |
CVE-2022-44625 | WordPress Cyklodev WP Notify Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-44626 | WordPress Squirrly SEO (Peaks) plugin <= 12.1.20 - Broken Access Control vulnerability | S | |
CVE-2022-44627 | WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-44628 | WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-44629 | WordPress Catalyst Connect Zoho CRM Client Portal Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-44631 | WordPress 1app Business Forms Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-44632 | WordPress Content Repeater – Custom Posts Simplified Plugin <= 1.1.13 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-44633 | WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerability | S | |
CVE-2022-44634 | WordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerability | S | |
CVE-2022-44635 | Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal | | |
CVE-2022-44636 | The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone acce... | | |
CVE-2022-44637 | Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to im... | | |
CVE-2022-44638 | In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflo... | E S | |
CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in... | | |
CVE-2022-44641 | In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can ... | | |
CVE-2022-44643 | Access policy with access to all tenants and using label selectors has more access | S | |
CVE-2022-44644 | Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability | | |
CVE-2022-44645 | Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability | | |
CVE-2022-44646 | In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settin... | | |
CVE-2022-44647 | An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a ... | | |
CVE-2022-44648 | An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a ... | | |
CVE-2022-44649 | An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro A... | | |
CVE-2022-44650 | A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex ... | | |
CVE-2022-44651 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agen... | | |
CVE-2022-44652 | An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as... | | |
CVE-2022-44653 | A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service... | | |
CVE-2022-44654 | Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component... | | |
CVE-2022-44666 | Windows Contacts Remote Code Execution Vulnerability | | |
CVE-2022-44667 | Windows Media Remote Code Execution Vulnerability | | |
CVE-2022-44668 | Windows Media Remote Code Execution Vulnerability | | |
CVE-2022-44669 | Windows Error Reporting Elevation of Privilege Vulnerability | | |
CVE-2022-44670 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | | |
CVE-2022-44671 | Windows Graphics Component Elevation of Privilege Vulnerability | | |
CVE-2022-44673 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | | |
CVE-2022-44674 | Windows Bluetooth Driver Information Disclosure Vulnerability | | |
CVE-2022-44675 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | | |
CVE-2022-44676 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | | |
CVE-2022-44677 | Windows Projected File System Elevation of Privilege Vulnerability | | |
CVE-2022-44678 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
CVE-2022-44679 | Windows Graphics Component Information Disclosure Vulnerability | | |
CVE-2022-44680 | Windows Graphics Component Elevation of Privilege Vulnerability | | |
CVE-2022-44681 | Windows Print Spooler Elevation of Privilege Vulnerability | | |
CVE-2022-44682 | Windows Hyper-V Denial of Service Vulnerability | | |
CVE-2022-44683 | Windows Kernel Elevation of Privilege Vulnerability | | |
CVE-2022-44684 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | S | |
CVE-2022-44687 | Raw Image Extension Remote Code Execution Vulnerability | | |
CVE-2022-44688 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | | |
CVE-2022-44689 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | S | |
CVE-2022-44690 | Microsoft SharePoint Server Remote Code Execution Vulnerability | | |
CVE-2022-44691 | Microsoft Office OneNote Remote Code Execution Vulnerability | | |
CVE-2022-44692 | Microsoft Office Graphics Remote Code Execution Vulnerability | | |
CVE-2022-44693 | Microsoft SharePoint Server Remote Code Execution Vulnerability | | |
CVE-2022-44694 | Microsoft Office Visio Remote Code Execution Vulnerability | | |
CVE-2022-44695 | Microsoft Office Visio Remote Code Execution Vulnerability | | |
CVE-2022-44696 | Microsoft Office Visio Remote Code Execution Vulnerability | | |
CVE-2022-44697 | Windows Graphics Component Elevation of Privilege Vulnerability | | |
CVE-2022-44698 | Windows SmartScreen Security Feature Bypass Vulnerability | KEV S | |
CVE-2022-44699 | Azure Network Watcher Agent Security Feature Bypass Vulnerability | | |
CVE-2022-44702 | Windows Terminal Remote Code Execution Vulnerability | S | |
CVE-2022-44704 | Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability | S | |
CVE-2022-44707 | Windows Kernel Denial of Service Vulnerability | | |
CVE-2022-44708 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2022-44710 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | | |
CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability | | |
CVE-2022-44715 | Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users t... | | |
CVE-2022-44717 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 ... | | |
CVE-2022-44718 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 ... | | |
CVE-2022-44719 | An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions.... | E | |
CVE-2022-44720 | An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, re... | E | |
CVE-2022-44721 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2841. Reason: This issue was... | R | |
CVE-2022-44724 | The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 all... | E S | |
CVE-2022-44725 | OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a co... | S | |
CVE-2022-44726 | The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS in the calendar view.... | E | |
CVE-2022-44727 | The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection vi... | E | |
CVE-2022-44729 | Apache XML Graphics Batik: Information disclosure vulnerability | | |
CVE-2022-44730 | Apache XML Graphics Batik: Information disclosure vulnerability | | |
CVE-2022-44731 | A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC W... | S | |
CVE-2022-44732 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2022-44733 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2022-44734 | WordPress Car Rental by BestWebSoft Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-44735 | WordPress WP Clictracker Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-44736 | WordPress Chameleon plugin <= 1.4.3 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2022-44737 | WordPress All In One WP Security plugin <= 5.1.0 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2022-44738 | WordPress Posts and Users Stats Plugin <= 1.1.3 is vulnerable to CSV Injection | S | |
CVE-2022-44739 | WordPress Quick Restaurant Reservations Plugin <= 1.5.4 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-44740 | WordPress Creative Mail plugin <= 1.5.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities | S | |
CVE-2022-44741 | WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability | | |
CVE-2022-44742 | WordPress Community Events Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-44743 | WordPress Jobs for WordPress Plugin <= 2.5.11.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-44744 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: ... | | |
CVE-2022-44745 | Sensitive information leak through log files. The following products are affected: Acronis Cyber Pro... | | |
CVE-2022-44746 | Sensitive information disclosure due to insecure folder permissions. The following products are affe... | | |
CVE-2022-44747 | Local privilege escalation due to improper soft link handling. The following products are affected: ... | | |
CVE-2022-44748 | Uploading workflows to KNIME Server may override arbitrary file system contents | | |
CVE-2022-44749 | Opening workflows from untrusted resources may override arbitrary file system contents | | |
CVE-2022-44750 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. | | |
CVE-2022-44751 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView | | |
CVE-2022-44752 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView | | |
CVE-2022-44753 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView | | |
CVE-2022-44754 | HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. | | |
CVE-2022-44755 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView | | |
CVE-2022-44756 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation | | |
CVE-2022-44757 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to weak cryptography | | |
CVE-2022-44758 | HCL BigFix Insights for Vulnerability Remediation (IVR) is vulnerable to improper credential handling | | |
CVE-2022-44759 | HCL Leap is affected by Cross-site scripting (XSS) | | |
CVE-2022-44760 | HCL Leap is affected by an unrestricted upload of file with dangerous type vulnerability | | |
CVE-2022-44784 | An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 exp... | E | |
CVE-2022-44785 | An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to mu... | E | |
CVE-2022-44786 | An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File ... | E | |
CVE-2022-44787 | An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Refl... | E | |
CVE-2022-44788 | An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs ... | E | |
CVE-2022-44789 | A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 all... | S | |
CVE-2022-44790 | Interspire Email Marketer through 6.5.1 allows SQL Injection via the surveys module. An unauthentica... | | |
CVE-2022-44792 | handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL P... | E | |
CVE-2022-44793 | handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a ... | E | |
CVE-2022-44794 | An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow w... | | |
CVE-2022-44795 | An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Serv... | | |
CVE-2022-44796 | An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a ... | | |
CVE-2022-44797 | btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related produ... | E S | |
CVE-2022-44801 | D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.... | E | |
CVE-2022-44804 | D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.... | E | |
CVE-2022-44806 | D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.... | E | |
CVE-2022-44807 | D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString.... | E | |
CVE-2022-44808 | A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.... | E | |
CVE-2022-44820 | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transact... | E | |
CVE-2022-44830 | Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerab... | E | |
CVE-2022-44832 | D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerabil... | E | |
CVE-2022-44838 | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2022-44840 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set ... | E | |
CVE-2022-44843 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-44844 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability v... | E | |
CVE-2022-44849 | A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to ar... | E | |
CVE-2022-44858 | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2022-44859 | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2022-44860 | Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2022-44870 | A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to... | E | |
CVE-2022-44874 | wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault... | E | |
CVE-2022-44875 | KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank ori... | E | |
CVE-2022-44877 | login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote... | KEV E | |
CVE-2022-44897 | A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 all... | E | |
CVE-2022-44898 | The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCT... | E | |
CVE-2022-44900 | A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library ... | E S | |
CVE-2022-44910 | Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binb... | E S | |
CVE-2022-44928 | D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maint... | E | |
CVE-2022-44929 | An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate p... | E | |
CVE-2022-44930 | D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System ... | E | |
CVE-2022-44931 | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /... | E S | |
CVE-2022-44932 | An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Tel... | E | |
CVE-2022-44937 | Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function un... | E | |
CVE-2022-44938 | Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account... | E | |
CVE-2022-44939 | Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability vi... | E | |
CVE-2022-44940 | Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/pa... | E S | |
CVE-2022-44942 | Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the u... | E S | |
CVE-2022-44944 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th... | E | |
CVE-2022-44945 | Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id ... | E | |
CVE-2022-44946 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th... | E | |
CVE-2022-44947 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th... | E | |
CVE-2022-44948 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th... | E | |
CVE-2022-44949 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th... | E | |
CVE-2022-44950 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th... | E | |
CVE-2022-44951 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in th... | E | |
CVE-2022-44952 | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /i... | E | |
CVE-2022-44953 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the componen... | E | |
CVE-2022-44954 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the componen... | E | |
CVE-2022-44955 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat fun... | E | |
CVE-2022-44956 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the componen... | E | |
CVE-2022-44957 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the componen... | E | |
CVE-2022-44959 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the componen... | E | |
CVE-2022-44960 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the componen... | E | |
CVE-2022-44961 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the componen... | E | |
CVE-2022-44962 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the componen... | E | |