ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2022-45003 | Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload inv... | E | |
CVE-2022-45004 | Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a cr... | E | |
CVE-2022-45005 | IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_... | E | |
CVE-2022-45008 | Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vu... | E | |
CVE-2022-45009 | Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability... | E | |
CVE-2022-45010 | Simple Phone Book/Directory Web App v1.0 was discovered to contain a SQL injection vulnerability via... | E | |
CVE-2022-45012 | A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attac... | | |
CVE-2022-45013 | A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 all... | | |
CVE-2022-45014 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows a... | | |
CVE-2022-45015 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows a... | | |
CVE-2022-45016 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows a... | | |
CVE-2022-45017 | A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 a... | E | |
CVE-2022-45019 | SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords param... | E | |
CVE-2022-45020 | Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in... | E | |
CVE-2022-45025 | Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command... | E | |
CVE-2022-45026 | An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to exe... | E | |
CVE-2022-45027 | perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request head... | E | |
CVE-2022-45028 | A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute a... | E | |
CVE-2022-45030 | A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.ph... | E | |
CVE-2022-45033 | A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitr... | E | |
CVE-2022-45036 | A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows a... | E | |
CVE-2022-45037 | A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attac... | E | |
CVE-2022-45038 | A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows att... | E | |
CVE-2022-45039 | An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attac... | E | |
CVE-2022-45040 | A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allo... | E | |
CVE-2022-45041 | SQL Injection exists in xinhu < 2.5.0... | E | |
CVE-2022-45043 | Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.... | E | |
CVE-2022-45044 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6... | M | |
CVE-2022-45045 | Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T... | E | |
CVE-2022-45046 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-45047 | Apache MINA SSHD: Java unsafe deserialization vulnerability | M | |
CVE-2022-45048 | Apache Ranger: code execution vulnerability in policy expressions | | |
CVE-2022-45049 | Reflected XSS in Axiell Iguana CMS | S | |
CVE-2022-45050 | Reflected XSS in Axiell Iguana CMS | S | |
CVE-2022-45051 | Reflected POST XSS in Axiell Iguana CMS | S | |
CVE-2022-45052 | Local File Inclusion in Axiell Iguana CMS | S | |
CVE-2022-45059 | An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smugglin... | M | |
CVE-2022-45060 | An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before ... | M | |
CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one pa... | E S | |
CVE-2022-45062 | In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulner... | S | |
CVE-2022-45063 | xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-... | E S | |
CVE-2022-45064 | Apache Sling Engine: Include-based XSS | | |
CVE-2022-45065 | WordPress SEO Plugin by Squirrly SEO Plugin <= 12.1.20 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45066 | WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability | | |
CVE-2022-45067 | WordPress Exclusive Addons Elementor Plugin <= 2.6.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45068 | WordPress Mercado Pago payments for WooCommerce Plugin <= 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45069 | WordPress Crowdsignal Dashboard plugin <= 3.0.9 - Privilege Escalation vulnerability | S | |
CVE-2022-45070 | WordPress Conditional Checkout Fields for WooCommerce plugin <= 1.2.3 - Broken Authentication vulnerability | S | |
CVE-2022-45071 | WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-45072 | WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-45073 | WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability | S | |
CVE-2022-45074 | WordPress Activity Reactions For Buddypress Plugin <= 1.0.22 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-45076 | WordPress Flexible Elementor Panel Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45077 | WordPress Betheme theme <= 26.5.1.4 - Auth. PHP Object Injection vulnerability | S | |
CVE-2022-45078 | WordPress User Blocker Plugin <= 1.5.5 is vulnerable to CSV Injection | S | |
CVE-2022-45079 | WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45080 | WordPress Add Multiple Marker Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-45082 | WordPress Accordions plugin <= 2.0.3 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2022-45083 | WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection | S | |
CVE-2022-45084 | WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45085 | Server-Side Request Forgery in Smartpower Web | S | |
CVE-2022-45086 | Cross-site Scripting in Smartpower Web | S | |
CVE-2022-45087 | Cross-site Scripting in Smartpower Web | S | |
CVE-2022-45088 | Local File Inclusion in Smartpower Web | S | |
CVE-2022-45089 | SQL Injection in Smartpower Web | S | |
CVE-2022-45090 | SQL Injection in Smartpower Web | S | |
CVE-2022-45091 | Cross-site Scripting in Smartpower Web | S | |
CVE-2022-45092 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate... | | |
CVE-2022-45093 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate... | | |
CVE-2022-45094 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate... | | |
CVE-2022-45095 | Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated use... | | |
CVE-2022-45096 | Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain a User Interface Security Issue. An unauthenti... | | |
CVE-2022-45097 | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low pr... | | |
CVE-2022-45098 | Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulner... | | |
CVE-2022-45099 | Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for an NDMP password. A malicio... | | |
CVE-2022-45100 | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerabil... | | |
CVE-2022-45101 | Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges v... | | |
CVE-2022-45102 | Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vuln... | | |
CVE-2022-45103 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x con... | S | |
CVE-2022-45104 | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x con... | S | |
CVE-2022-45109 | Improper initialization for some Intel Unison software may allow an authenticated user to potentiall... | | |
CVE-2022-45112 | Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authen... | | |
CVE-2022-45113 | Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Ha... | | |
CVE-2022-45114 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-45115 | A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.5... | E | |
CVE-2022-45117 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-45118 | Telephony in communication subsystem sends public events with personal data, but the permission is not set. | | |
CVE-2022-45119 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-45120 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-45121 | CVE-2022-45121 | | |
CVE-2022-45122 | Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7... | | |
CVE-2022-45124 | An information disclosure vulnerability exists in the User authentication functionality of WellinTec... | E | |
CVE-2022-45125 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-45126 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGettime. | | |
CVE-2022-45127 | CVE-2022-45127 | S | |
CVE-2022-45128 | Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticate... | S | |
CVE-2022-45129 | Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and ... | E S | |
CVE-2022-45130 | Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin ... | E | |
CVE-2022-45132 | In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be ac... | E | |
CVE-2022-45135 | Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction | | |
CVE-2022-45136 | Apache Jena SDB allows arbitrary deserialisation via JDBC | M | |
CVE-2022-45137 | WAGO: Reflective Cross-Site Scripting | M | |
CVE-2022-45138 | WAGO: Missing Authentication for Critical Function | | |
CVE-2022-45139 | WAGO: Origin validation error through CORS misconfiguration | | |
CVE-2022-45140 | WAGO: Missing Authentication for Critical Function | | |
CVE-2022-45141 | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft ... | | |
CVE-2022-45142 | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compil... | | |
CVE-2022-45143 | Apache Tomcat: JsonErrorReportValve escaping | | |
CVE-2022-45144 | Algoo Tracim before 4.4.2 allows XSS via HTML file upload.... | E S | |
CVE-2022-45145 | egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package ins... | S | |
CVE-2022-45146 | An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the ... | E | |
CVE-2022-45147 | A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All ... | | |
CVE-2022-45148 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2022-45149 | A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request ... | | |
CVE-2022-45150 | A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to ins... | | |
CVE-2022-45151 | The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization ... | | |
CVE-2022-45152 | A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due t... | | |
CVE-2022-45153 | saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls | E | |
CVE-2022-45154 | supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh | E | |
CVE-2022-45155 | obs-service-go_modules: arbitrary directory delete | E | |
CVE-2022-45157 | Exposure of vSphere's CPI and CSI credentials in Rancher | | |
CVE-2022-45163 | An information-disclosure vulnerability exists on select NXP devices when configured in Serial Downl... | E | |
CVE-2022-45164 | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application... | | |
CVE-2022-45165 | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application... | | |
CVE-2022-45166 | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application... | | |
CVE-2022-45167 | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application... | | |
CVE-2022-45168 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authenti... | E | |
CVE-2022-45169 | An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrust... | | |
CVE-2022-45170 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur... | E | |
CVE-2022-45171 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a Fil... | E | |
CVE-2022-45172 | An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur ... | E | |
CVE-2022-45173 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authenti... | E | |
CVE-2022-45174 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authenti... | E | |
CVE-2022-45175 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Refer... | E | |
CVE-2022-45176 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XS... | E | |
CVE-2022-45177 | An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepa... | | |
CVE-2022-45178 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists un... | E | |
CVE-2022-45179 | An issue was discovered in LIVEBOX Collaboration vDesk through v031. A basic XSS vulnerability exist... | | |
CVE-2022-45180 | An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists un... | E | |
CVE-2022-45182 | Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.... | S | |
CVE-2022-45183 | Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allo... | | |
CVE-2022-45184 | The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal... | | |
CVE-2022-45185 | An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload mali... | E | |
CVE-2022-45186 | An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a ... | E | |
CVE-2022-45188 | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution vi... | E | |
CVE-2022-45190 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can byp... | | |
CVE-2022-45191 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cau... | | |
CVE-2022-45192 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cau... | | |
CVE-2022-45193 | CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of fil... | | |
CVE-2022-45194 | CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash discl... | | |
CVE-2022-45195 | SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function... | E S | |
CVE-2022-45196 | Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly s... | E S | |
CVE-2022-45197 | Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to... | S | |
CVE-2022-45198 | Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).... | S | |
CVE-2022-45199 | Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.... | S | |
CVE-2022-45202 | GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function d... | E | |
CVE-2022-45204 | GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC... | E | |
CVE-2022-45205 | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dic... | E | |
CVE-2022-45206 | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/dup... | E | |
CVE-2022-45207 | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNu... | E | |
CVE-2022-45208 | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/use... | E | |
CVE-2022-45210 | Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/use... | E | |
CVE-2022-45213 | perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.... | E | |
CVE-2022-45214 | A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers... | E | |
CVE-2022-45215 | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers t... | | |
CVE-2022-45217 | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers t... | E | |
CVE-2022-45218 | Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulne... | | |
CVE-2022-45221 | Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulne... | | |
CVE-2022-45223 | Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulne... | | |
CVE-2022-45224 | Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulne... | | |
CVE-2022-45225 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabili... | | |
CVE-2022-45227 | The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://1... | E | |
CVE-2022-45228 | Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the lo... | E | |
CVE-2022-45269 | A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35... | E | |
CVE-2022-45275 | An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Tr... | E | |
CVE-2022-45276 | An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attacker... | E | |
CVE-2022-45278 | Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fi... | E | |
CVE-2022-45280 | A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allo... | E | |
CVE-2022-45283 | GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter ... | E | |
CVE-2022-45285 | Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scrip... | E | |
CVE-2022-45287 | An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to ... | E | |
CVE-2022-45290 | Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component ... | E | |
CVE-2022-45291 | PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote co... | E | |
CVE-2022-45292 | User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be u... | E | |
CVE-2022-45297 | EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd paramet... | E | |
CVE-2022-45299 | An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitra... | E | |
CVE-2022-45301 | Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authentic... | | |
CVE-2022-45304 | Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authentic... | | |
CVE-2022-45305 | Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authent... | | |
CVE-2022-45306 | Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users... | | |
CVE-2022-45307 | Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticat... | | |
CVE-2022-45313 | Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot ... | E | |
CVE-2022-45315 | Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp pro... | E | |
CVE-2022-45320 | Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 ... | | |
CVE-2022-45326 | An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.... | E S | |
CVE-2022-45328 | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id par... | E | |
CVE-2022-45329 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. Thi... | E | |
CVE-2022-45330 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at... | E | |
CVE-2022-45331 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \po... | E | |
CVE-2022-45332 | LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR1... | E | |
CVE-2022-45337 | Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /gof... | E | |
CVE-2022-45338 | An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enter... | | |
CVE-2022-45343 | GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsT... | E S | |
CVE-2022-45347 | Apache ShardingSphere-Proxy: MySQL authentication bypass | | |
CVE-2022-45348 | WordPress amr users Plugin <= 4.59.4 is vulnerable to CSV Injection | | |
CVE-2022-45349 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability | S | |
CVE-2022-45350 | WordPress Simple History Plugin <= 3.3.1 is vulnerable to CSV Injection | S | |
CVE-2022-45351 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability | S | |
CVE-2022-45352 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability | S | |
CVE-2022-45353 | WordPress Betheme theme <= 26.6.1 is vulnerable to Broken Access Control | S | |
CVE-2022-45354 | WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure | S | |
CVE-2022-45355 | WordPress WP Pipes Plugin <= 1.33 is vulnerable to SQL Injection (SQLi) | S | |
CVE-2022-45356 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability | S | |
CVE-2022-45357 | WordPress 1003 Mortgage Application Plugin <= 1.75 is vulnerable to CSV Injection | S | |
CVE-2022-45358 | WordPress Activello Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45359 | WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload | S | |
CVE-2022-45360 | WordPress Commenter Emails Plugin <= 2.6.1 is vulnerable to CSV Injection | | |
CVE-2022-45361 | WordPress 0mk Shortener Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45362 | WordPress Paytm Payment Gateway Plugin <= 2.7.0 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2022-45363 | WordPress Betheme premium theme <= 26.6.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-45364 | WordPress Drag and Drop Multiple File Upload – Contact Form 7 Plugin <= 1.3.6.5 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45365 | WordPress Stock Ticker Plugin <= 3.23.2 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45366 | WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45367 | WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45368 | WordPress 1003 Mortgage Application plugin <= 1.75 - Local File Inclusion | S | |
CVE-2022-45369 | WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability | S | |
CVE-2022-45370 | WordPress WordPress Comments Import & Export Plugin <= 2.3.1 is vulnerable to CSV Injection | S | |
CVE-2022-45371 | WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45372 | WordPress Product Gallery Slider for WooCommerce Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45373 | WordPress Slimstat Analytics Plugin <= 5.0.4 is vulnerable to SQL Injection | S | |
CVE-2022-45374 | WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.4 - Local File Inclusion | S | |
CVE-2022-45375 | WordPress iFeature Slider plugin <= 1.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | | |
CVE-2022-45376 | WordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45377 | WordPress Drag and Drop Multiple File Upload for WooCommerce Plugin <= 1.0.8 is vulnerable to Multiple Vulnerabilities | S | |
CVE-2022-45378 | Apache SOAP allows unauthenticated users to potentially invoke arbitrary code | | |
CVE-2022-45379 | Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as th... | | |
CVE-2022-45380 | Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to ... | | |
CVE-2022-45381 | Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix... | | |
CVE-2022-45382 | Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds... | | |
CVE-2022-45383 | An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows... | | |
CVE-2022-45384 | Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in ... | | |
CVE-2022-45385 | A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and ea... | | |
CVE-2022-45386 | Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML extern... | | |
CVE-2022-45387 | Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before render... | | |
CVE-2022-45388 | Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an ... | | |
CVE-2022-45389 | A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers... | | |
CVE-2022-45390 | A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with Overa... | | |
CVE-2022-45391 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditio... | | |
CVE-2022-45392 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencr... | | |
CVE-2022-45393 | A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allow... | | |
CVE-2022-45394 | A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/R... | | |
CVE-2022-45395 | Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity... | | |
CVE-2022-45396 | Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML extern... | | |
CVE-2022-45397 | Jenkins OSF Builder Suite :: XML Linter Plugin 1.0.2 and earlier does not configure its XML parser ... | | |
CVE-2022-45398 | A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and ear... | | |
CVE-2022-45399 | A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers t... | | |
CVE-2022-45400 | Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entit... | | |
CVE-2022-45401 | Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulti... | | |
CVE-2022-45402 | Apache Airflow: Open redirect during login | S | |
CVE-2022-45403 | Service Workers should not be able to infer information about opaque cross-origin responses; but tim... | | |
CVE-2022-45404 | Through a series of popup and window.print() calls, an attacker can cause a window to g... | | |
CVE-2022-45405 | Freeing arbitrary nsIInputStream's on a different thread than creation could have led t... | | |
CVE-2022-45406 | If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be ... | | |
CVE-2022-45407 | If an attacker loaded a font using FontFace() on a background worker, a use-after-free ... | | |
CVE-2022-45408 | Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen wi... | | |
CVE-2022-45409 | The garbage collector could have been aborted in several states and zones and GCRuntime::finis... | | |
CVE-2022-45410 | When a ServiceWorker intercepted a request with FetchEvent, the origin of the request w... | | |
CVE-2022-45411 | Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an X... | | |
CVE-2022-45412 | When resolving a symlink such as file:///proc/self/fd/1, an error message may be produc... | | |
CVE-2022-45413 | Using the S.browser_fallback_url parameter, an attacker could redirect a user... | | |
CVE-2022-45414 | If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email... | | |
CVE-2022-45415 | When downloading an HTML file, if the title of the page was formatted as a filename with a malicious... | | |
CVE-2022-45416 | Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses... | | |
CVE-2022-45417 | Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to... | | |
CVE-2022-45418 | If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been... | | |
CVE-2022-45419 | If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connect... | | |
CVE-2022-45420 | Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside... | | |
CVE-2022-45421 | Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thund... | | |
CVE-2022-45422 | When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack... | | |
CVE-2022-45423 | Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An... | S | |
CVE-2022-45424 | Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An a... | S | |
CVE-2022-45425 | Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attac... | S | |
CVE-2022-45426 | Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining ... | S | |
CVE-2022-45427 | Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining th... | S | |
CVE-2022-45428 | Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining ... | S | |
CVE-2022-45429 | Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker... | S | |
CVE-2022-45430 | Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service.... | S | |
CVE-2022-45431 | Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. A... | S | |
CVE-2022-45432 | Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypas... | S | |
CVE-2022-45433 | Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS... | S | |
CVE-2022-45434 | Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on r... | S | |
CVE-2022-45435 | SailPoint IdentityIQ Access Control Bypass | M | |
CVE-2022-45436 | Stored cross-site scripting vulnerability in network maps editor feature | S | |
CVE-2022-45437 | Stored cross-site scripting vulnerability in the reporting dashboard module | S | |
CVE-2022-45438 | Apache Superset: Dashboard metadata information leak | | |
CVE-2022-45439 | A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware... | | |
CVE-2022-45440 | A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, w... | | |
CVE-2022-45441 | A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AAR... | | |
CVE-2022-45442 | Sinatra vulnerable to Reflected File Download attack | E S | |
CVE-2022-45444 | CVE-2022-45444 | M | |
CVE-2022-45447 | Path Traversal in M4 PDF plugin for Prestashop sites | | |
CVE-2022-45448 | Cross-site Scripting in M4 PDF plugin for Prestashop sites | | |
CVE-2022-45449 | Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The followin... | | |
CVE-2022-45450 | Sensitive information disclosure and manipulation due to improper authorization. The following produ... | | |
CVE-2022-45451 | Local privilege escalation due to insecure driver communication port permissions. The following prod... | | |
CVE-2022-45452 | Local privilege escalation due to insecure folder permissions. The following products are affected: ... | | |
CVE-2022-45453 | TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (W... | | |
CVE-2022-45454 | Sensitive information disclosure due to insecure folder permissions. The following products are affe... | | |
CVE-2022-45455 | Local privilege escalation due to incomplete uninstallation cleanup. The following products are affe... | | |
CVE-2022-45456 | Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis ... | | |
CVE-2022-45457 | Sensitive information disclosure and manipulation due to improper certification validation. The foll... | | |
CVE-2022-45458 | Sensitive information disclosure and manipulation due to improper certification validation. The foll... | | |
CVE-2022-45459 | Sensitive information disclosure due to insecure registry permissions. The following products are af... | | |
CVE-2022-45460 | Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T... | E | |
CVE-2022-45461 | The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and U... | | |
CVE-2022-45462 | Apache DolphinScheduler prior to 2.0.5 have command execution vulnerability | | |
CVE-2022-45468 | CVE-2022-45468 | | |
CVE-2022-45469 | Improper input validation for some Intel Unison software may allow an authenticated user to potentia... | | |
CVE-2022-45470 | Apache Hama allows XSS and information disclosure | | |
CVE-2022-45471 | In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email... | | |
CVE-2022-45472 | CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ... | | |
CVE-2022-45473 | In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.... | E S | |
CVE-2022-45474 | drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.... | E S | |
CVE-2022-45475 | Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application'... | E | |
CVE-2022-45476 | Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, ins... | E | |
CVE-2022-45477 | Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary ... | | |
CVE-2022-45478 | Telepad allows an attacker (in a man-in-the-middle position between the server and a connected devic... | | |
CVE-2022-45479 | PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitr... | | |
CVE-2022-45480 | PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server ... | | |
CVE-2022-45481 | The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated... | | |
CVE-2022-45482 | Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing ... | | |
CVE-2022-45483 | Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected de... | | |
CVE-2022-45484 | A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V1... | | |
CVE-2022-45491 | Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a... | | |
CVE-2022-45492 | Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301... | | |
CVE-2022-45493 | Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07... | | |
CVE-2022-45494 | Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301... | E S | |
CVE-2022-45496 | Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301... | | |
CVE-2022-45497 | Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_... | E | |
CVE-2022-45498 | An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) ... | E | |
CVE-2022-45499 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /g... | E | |
CVE-2022-45501 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /g... | E | |
CVE-2022-45503 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /gof... | E | |
CVE-2022-45504 | An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(5... | E | |
CVE-2022-45505 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /... | E | |
CVE-2022-45506 | Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNa... | E | |
CVE-2022-45507 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter a... | E | |
CVE-2022-45508 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter a... | E | |
CVE-2022-45509 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /g... | E | |
CVE-2022-45510 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index paramete... | E | |
CVE-2022-45511 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter... | E | |
CVE-2022-45512 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45513 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45514 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45515 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /g... | E | |
CVE-2022-45516 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45517 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45518 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45519 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform... | E | |
CVE-2022-45520 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45521 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45522 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45523 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /gofo... | E | |
CVE-2022-45524 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /g... | E | |
CVE-2022-45525 | Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at... | E | |
CVE-2022-45526 | SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attac... | E | |
CVE-2022-45527 | File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unautho... | E | |
CVE-2022-45529 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id para... | E | |
CVE-2022-45535 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \ad... | E | |
CVE-2022-45536 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admi... | E | |
CVE-2022-45537 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_LIST... | E | |
CVE-2022-45538 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish component in cookie "ENV_GOBA... | E | |
CVE-2022-45539 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager component in GET value "activepath" w... | E | |
CVE-2022-45540 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor component in POST value "name... | E | |
CVE-2022-45541 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribute editor component in POST va... | E | |
CVE-2022-45542 | EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager component in GET parameter "filen... | E | |
CVE-2022-45543 | Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code v... | | |
CVE-2022-45544 | Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arb... | E | |
CVE-2022-45546 | Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application all... | E | |
CVE-2022-45548 | AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.... | E | |
CVE-2022-45550 | AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).... | E | |
CVE-2022-45551 | An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers t... | | |
CVE-2022-45552 | An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 ... | E | |
CVE-2022-45553 | An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker t... | E | |
CVE-2022-45557 | Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to ... | E | |
CVE-2022-45558 | Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to ... | E | |
CVE-2022-45562 | Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate... | E | |
CVE-2022-45564 | SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows ... | E | |
CVE-2022-45582 | Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url paramete... | S | |
CVE-2022-45586 | Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attac... | E | |
CVE-2022-45587 | Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers... | E | |
CVE-2022-45588 | All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML Exter... | | |
CVE-2022-45589 | All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentiall... | | |
CVE-2022-45597 | ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider th... | | |
CVE-2022-45598 | Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute a... | S | |
CVE-2022-45599 | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /v... | E | |
CVE-2022-45600 | Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which all... | E | |
CVE-2022-45608 | An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gai... | | |
CVE-2022-45611 | An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated pr... | | |
CVE-2022-45613 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerabili... | E | |
CVE-2022-45614 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-4228. Reason: This candidate... | R | |
CVE-2022-45634 | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticate... | E | |
CVE-2022-45635 | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to ... | E | |
CVE-2022-45636 | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to ... | E | |
CVE-2022-45637 | An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1... | | |
CVE-2022-45639 | OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrar... | E | |
CVE-2022-45640 | Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).... | E | |
CVE-2022-45641 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.... | E | |
CVE-2022-45643 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in... | E | |
CVE-2022-45644 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in... | E | |
CVE-2022-45645 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter i... | E | |
CVE-2022-45646 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp paramete... | E | |
CVE-2022-45647 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter ... | E | |
CVE-2022-45648 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in ... | E | |
CVE-2022-45649 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in th... | E | |
CVE-2022-45650 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter ... | E | |
CVE-2022-45651 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the... | E | |
CVE-2022-45652 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in ... | E | |
CVE-2022-45653 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the... | E | |
CVE-2022-45654 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the... | E | |
CVE-2022-45655 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in... | E | |
CVE-2022-45656 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the... | E | |
CVE-2022-45657 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the... | E | |
CVE-2022-45658 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime paramete... | E | |
CVE-2022-45659 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto paramet... | E | |
CVE-2022-45660 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parame... | E | |
CVE-2022-45661 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the... | E | |
CVE-2022-45663 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the ... | E | |
CVE-2022-45664 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the f... | E | |
CVE-2022-45665 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in ... | E | |
CVE-2022-45666 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the f... | E | |
CVE-2022-45667 | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysTool... | E | |
CVE-2022-45668 | Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysTool... | E | |
CVE-2022-45669 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the ... | E | |
CVE-2022-45670 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ping1 parameter in the ... | E | |
CVE-2022-45671 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in th... | E | |
CVE-2022-45672 | Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet fun... | E | |
CVE-2022-45673 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysTo... | E | |
CVE-2022-45674 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysTo... | E | |
CVE-2022-45677 | SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter ... | E | |
CVE-2022-45685 | A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via c... | E | |
CVE-2022-45688 | A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause ... | E | |
CVE-2022-45689 | hutool-json v5.8.10 was discovered to contain an out of memory error.... | E | |
CVE-2022-45690 | A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.java component of hutool-json v5... | E | |
CVE-2022-45693 | Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulner... | E | |
CVE-2022-45697 | Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Ac... | | |
CVE-2022-45699 | Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote un... | E | |
CVE-2022-45701 | Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility fe... | E | |
CVE-2022-45703 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_sectio... | E | |
CVE-2022-45706 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the hostname parameter... | | |
CVE-2022-45707 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in... | | |
CVE-2022-45708 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex para... | | |
CVE-2022-45709 | IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities v... | | |
CVE-2022-45710 | IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pEnable, p... | | |
CVE-2022-45711 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the ho... | E | |
CVE-2022-45712 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in... | | |
CVE-2022-45714 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter... | | |
CVE-2022-45715 | IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRa... | | |
CVE-2022-45716 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter... | | |
CVE-2022-45717 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the us... | | |
CVE-2022-45718 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in... | | |
CVE-2022-45719 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter ... | | |
CVE-2022-45720 | IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, a... | | |
CVE-2022-45721 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter ... | | |
CVE-2022-45722 | ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability.... | | |
CVE-2022-45724 | Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same ne... | E | |
CVE-2022-45725 | Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same n... | E | |
CVE-2022-45728 | Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) v... | | |
CVE-2022-45729 | A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows att... | | |
CVE-2022-45730 | A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows att... | | |
CVE-2022-45748 | An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::Extr... | E | |
CVE-2022-45755 | Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary cod... | E | |
CVE-2022-45756 | SENS v1.0 is vulnerable to Cross Site Scripting (XSS).... | | |
CVE-2022-45758 | SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, ... | E | |
CVE-2022-45759 | SENS v1.0 has a file upload vulnerability.... | E | |
CVE-2022-45760 | SENS v1.0 is vulnerable to Incorrect Access Control vulnerability.... | E | |
CVE-2022-45766 | Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed... | | |
CVE-2022-45768 | Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS... | E | |
CVE-2022-45769 | A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 allows attackers to execute arb... | E | |
CVE-2022-45770 | Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows loc... | S | |
CVE-2022-45771 | An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and e... | E | |
CVE-2022-45778 | https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Ac... | | |
CVE-2022-45781 | Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbi... | | |
CVE-2022-45782 | An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptog... | | |
CVE-2022-45783 | An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vul... | | |
CVE-2022-45786 | Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection | | |
CVE-2022-45787 | Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider | | |
CVE-2022-45788 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could caus... | S | |
CVE-2022-45789 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution o... | S | |
CVE-2022-45790 | Omron FINS memory protection susceptible to bruteforce | | |
CVE-2022-45791 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2022-45792 | Directory Traversal in Project File Format allows overwrite (Zip Slip) | | |
CVE-2022-45793 | Executable files writable by low-privileged users in Omron Sysmac Studio | | |
CVE-2022-45794 | Omron CJ-series and CS-series unauthenticated filesystem access. | | |
CVE-2022-45795 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2022-45796 | SHARP Multifunction Printer - Command Injection | M | |
CVE-2022-45797 | An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex ... | | |
CVE-2022-45798 | A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Tr... | | |
CVE-2022-45801 | Apache StreamPark (incubating): LDAP Injection Vulnerability | | |
CVE-2022-45802 | Apache StreamPark (incubating): Upload any file to any directory | | |
CVE-2022-45803 | WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability | S | |
CVE-2022-45804 | WordPress Robo Gallery Plugin <= 3.2.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45805 | WordPress Paytm Payment Gateway Plugin <= 2.7.3 is vulnerable to SQL Injection | S | |
CVE-2022-45806 | WordPress Formidable Forms plugin <= 5.5.4 - Broken Access Control vulnerability | S | |
CVE-2022-45807 | WordPress WP Mail Log Plugin <= 1.0.1 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45808 | WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection | E S | |
CVE-2022-45809 | WordPress Thumbs Rating Plugin <= 5.0.0 is vulnerable to Race Condition | | |
CVE-2022-45810 | WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection | S | |
CVE-2022-45811 | WordPress Post Teaser plugin <= 4.1.5 - Auth. Broken Access Control vulnerability | | |
CVE-2022-45812 | WordPress Exxp Plugin <= 2.6.8 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45814 | WordPress WP Calendar Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45815 | WordPress GDPR Compliance & Cookie Consent Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-45816 | WordPress GD bbPress Attachments Plugin <= 4.3.1 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45817 | WordPress GC Testimonials Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45818 | WordPress Hero Banner Ultimate Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45819 | WordPress Popup Maker plugin <= 1.17.1 - Broken Access Control vulnerability | S | |
CVE-2022-45820 | WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL Injection | E S | |
CVE-2022-45821 | WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45822 | WordPress Advanced Booking Calendar Plugin <= 1.7.1 is vulnerable to SQL Injection | | |
CVE-2022-45823 | WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-45824 | WordPress Advanced Booking Calendar Plugin <= 1.7.1 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-45825 | WordPress WPComplete Plugin <= 2.9.4 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45826 | WordPress Sunshine Photo Cart plugin <= 2.9.13 - Auth. Broken Access Control vulnerability | S | |
CVE-2022-45827 | WordPress Video Contest WordPress Plugin Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45828 | WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2022-45829 | WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Arbitrary File Deletion | S | |
CVE-2022-45830 | WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability | S | |
CVE-2022-45831 | WordPress Image Hover Effects - Caption Hover with Carousel Plugin <= 2.8 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45832 | WordPress Attorney theme <= 3 - Unauth. Arbitrary Content Deletion vulnerability | | |
CVE-2022-45833 | WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Directory Traversal | S | |
CVE-2022-45835 | WordPress PhonePe Payment Solutions Plugin <= 1.0.15 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2022-45836 | WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45837 | WordPress 微信机器人高级版 Plugin <= 6.0.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45838 | WordPress ARForms Form Builder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45839 | WordPress WHA Puzzle Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2022-45840 | WordPress Auto Affiliate Links plugin <= 6.2.1.5 - Unauth. Broken Access Control vulnerability | S | |
CVE-2022-45841 | WordPress Robo Gallery plugin <= 3.2.9 - Auth. Broken Access Control vulnerability | S | |
CVE-2022-45842 | WordPress WP ULike Plugin <= 4.6.4 is vulnerable to Race Condition vulnerability | S | |
CVE-2022-45843 | WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45845 | WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to PHP Object Injection | S | |
CVE-2022-45846 | WordPress Image Map Pro Plugin < 5.6.9 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2022-45847 | WordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) | S | |
CVE-2022-45848 | WordPress Contest Gallery Plugin <= 13.1.0.9 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2022-45849 | WordPress Activello Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) | E | |
CVE-2022-45850 | WordPress Image Map Pro premium plugin < 5.6.9 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) | S | |
CVE-2022-45851 | WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.4 - Broken Access Control vulnerability | S | |
CVE-2022-45852 | WordPress WP-FormAssembly plugin <= 2.0.5 - Auth. Arbitrary File Read vulnerability | S | |
CVE-2022-45853 | The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and th... | | |
CVE-2022-45854 | An improper check for unusual conditions in Zyxel NWA110AX firmware versions prior to 6.50(ABTG.0)C0... | S | |
CVE-2022-45855 | Apache Ambari: Allows authenticated metrics consumers to perform RCE | | |
CVE-2022-45856 | An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7... | S | |
CVE-2022-45857 | An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDO... | S | |
CVE-2022-45858 | A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 a... | S | |
CVE-2022-45859 | An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 ... | S | |
CVE-2022-45860 | A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 a... | S | |
CVE-2022-45861 | An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS... | S | |
CVE-2022-45862 | An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below,... | S | |
CVE-2022-45863 | Rejected reason: Not used... | R | |
CVE-2022-45864 | Rejected reason: Not used... | R | |
CVE-2022-45865 | Rejected reason: Not used... | R | |
CVE-2022-45866 | qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and o... | E S | |
CVE-2022-45867 | MyBB before 1.8.33 allows Directory Traversal. The Admin CP Languages module allows remote authentic... | S | |
CVE-2022-45868 | The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the... | E | |
CVE-2022-45869 | A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users ... | E S | |
CVE-2022-45871 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2022-45872 | iTerm2 before 3.4.18 mishandles a DECRQSS response.... | | |
CVE-2022-45873 | systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash ... | S | |
CVE-2022-45874 | Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit could ... | | |
CVE-2022-45875 | Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin | | |
CVE-2022-45876 | CVE-2022-45876 | S | |
CVE-2022-45877 | PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | | |
CVE-2022-45878 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2022-45883 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2022-45884 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use... | | |
CVE-2022-45885 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has... | | |
CVE-2022-45886 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .d... | S | |
CVE-2022-45887 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c h... | | |
CVE-2022-45888 | An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a ra... | | |
CVE-2022-45889 | Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain ac... | E | |
CVE-2022-45890 | In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via... | E | |
CVE-2022-45891 | Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthen... | E | |
CVE-2022-45892 | In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exis... | E | |
CVE-2022-45893 | Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and h... | E | |
CVE-2022-45894 | GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary lo... | E | |
CVE-2022-45895 | Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable... | E | |
CVE-2022-45896 | Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / ... | | |
CVE-2022-45897 | On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server se... | | |
CVE-2022-45907 | In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execut... | E S | |
CVE-2022-45908 | In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection becau... | E S | |
CVE-2022-45909 | drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE ... | S | |
CVE-2022-45910 | Apache ManifoldCF: LDAP Injection Vulnerability - ActiveDirectory Authorities | | |
CVE-2022-45911 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login pag... | | |
CVE-2022-45912 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occu... | | |
CVE-2022-45913 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in we... | | |
CVE-2022-45914 | The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transc... | E | |
CVE-2022-45915 | ILIAS before 7.16 allows OS Command Injection.... | E | |
CVE-2022-45916 | ILIAS before 7.16 allows XSS.... | E | |
CVE-2022-45917 | ILIAS before 7.16 has an Open Redirect.... | E | |
CVE-2022-45918 | ILIAS before 7.16 allows External Control of File Name or Path.... | E | |
CVE-2022-45919 | An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221... | | |
CVE-2022-45920 | In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memo... | | |
CVE-2022-45921 | FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved usi... | | |
CVE-2022-45922 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler ... | E | |
CVE-2022-45923 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway I... | E | |
CVE-2022-45924 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtem... | E | |
CVE-2022-45925 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport... | E | |
CVE-2022-45926 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.... | E | |
CVE-2022-45927 | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application... | E | |
CVE-2022-45928 | A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.180... | E | |
CVE-2022-45929 | Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Ac... | | |
CVE-2022-45930 | A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h... | E S | |
CVE-2022-45931 | A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h... | S | |
CVE-2022-45932 | A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h... | E S | |
CVE-2022-45933 | KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrap... | E | |
CVE-2022-45934 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_... | S | |
CVE-2022-45935 | Apache James server: Temporary File Information Disclosure | | |
CVE-2022-45936 | A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected vers... | S | |
CVE-2022-45937 | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P... | S | |
CVE-2022-45938 | An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can in... | E | |
CVE-2022-45939 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of ... | S | |
CVE-2022-45942 | A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijia... | E | |
CVE-2022-45956 | Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on ... | E | |
CVE-2022-45957 | ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack... | E | |
CVE-2022-45962 | Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL In... | E S | |
CVE-2022-45963 | h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability.... | | |
CVE-2022-45966 | There is an arbitrary file upload vulnerability in the file management function module of Classcms3.5... | E | |
CVE-2022-45968 | Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any fi... | E | |
CVE-2022-45969 | Alist v3.4.0 is vulnerable to Directory Traversal,... | E S | |
CVE-2022-45970 | Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.... | E | |
CVE-2022-45977 | Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFil... | E | |
CVE-2022-45979 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /gof... | E | |
CVE-2022-45980 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform... | E | |
CVE-2022-45982 | thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability a... | E | |
CVE-2022-45988 | starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary comma... | E | |
CVE-2022-45990 | A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website ... | E | |
CVE-2022-45995 | There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21_cn. This vulnera... | E | |
CVE-2022-45996 | Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.... | E | |
CVE-2022-45997 | Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.... | E | |