2022 CVEs

27518 CVEs published in 2022. 3563 critical, 9645 high. Browse by vendor, severity, or with PoCs.

Top CVEs published in 2022
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-31491 | Critical | 10.0 | 2025-08-22 | Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbit… |
| CVE-2022-46839 | Critical | 10.0 | 2024-01-05 | Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk –… |
| CVE-2022-42150 | Critical | 10.0 | 2023-10-19 | TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. |
| CVE-2022-47893 | Critical | 10.0 | 2023-10-03 | There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, t… |
| CVE-2022-36648 | Critical | 10.0 | 2023-08-22 | The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host q… |
| CVE-2022-4361 | Critical | 10.0 | 2023-07-07 | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerabili… |
| CVE-2022-36331 | Critical | 10.0 | 2023-06-12 | Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica… |
| CVE-2022-47190 | Critical | 10.0 | 2023-03-31 | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary c… |
| CVE-2022-43605 | Critical | 10.0 | 2023-03-16 | An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c… |
| CVE-2022-43604 | Critical | 10.0 | 2023-03-16 | An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c… |
| CVE-2022-22486 | Critical | 10.0 | 2023-02-03 | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker cou… |
| CVE-2022-45444 | Critical | 10.0 | 2023-01-18 | Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the applicati… |
| CVE-2022-43931 | Critical | 10.0 | 2023-01-03 | Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execu… |
| CVE-2022-4390 | Critical | 10.0 | 2022-12-09 | A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by def… |
| CVE-2022-46742 | Critical | 10.0 | 2022-12-07 | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. |
| CVE-2022-46161 | Critical | 10.0 | 2022-12-06 | pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of us… |
| CVE-2022-30123 | Critical | 10.0 | 2022-12-05 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger com… |
| CVE-2022-45822 | Critical | 10.0 | 2022-12-05 | Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. |
| CVE-2022-41875 | Critical | 10.0 | 2022-11-23 | A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially… |
| CVE-2022-42497 | Critical | 10.0 | 2022-11-18 | Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. |