2022 CVEs
27518 CVEs published in 2022. 3563 critical, 9645 high. Browse by vendor, severity, or with PoCs.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-31491 | Critical | 10.0 | 2025-08-22 | Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbit… |
CVE-2022-46839 | Critical | 10.0 | 2024-01-05 | Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk –… |
CVE-2022-42150 | Critical | 10.0 | 2023-10-19 | TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape. |
CVE-2022-47893 | Critical | 10.0 | 2023-10-03 | There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, t… |
CVE-2022-36648 | Critical | 10.0 | 2023-08-22 | The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host q… |
CVE-2022-4361 | Critical | 10.0 | 2023-07-07 | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerabili… |
CVE-2022-36331 | Critical | 10.0 | 2023-06-12 | Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica… |
CVE-2022-47190 | Critical | 10.0 | 2023-03-31 | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary c… |
CVE-2022-43605 | Critical | 10.0 | 2023-03-16 | An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c… |
CVE-2022-43604 | Critical | 10.0 | 2023-03-16 | An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c… |
CVE-2022-22486 | Critical | 10.0 | 2023-02-03 | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker cou… |
CVE-2022-45444 | Critical | 10.0 | 2023-01-18 | Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the applicati… |
CVE-2022-43931 | Critical | 10.0 | 2023-01-03 | Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execu… |
CVE-2022-4390 | Critical | 10.0 | 2022-12-09 | A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by def… |
CVE-2022-46742 | Critical | 10.0 | 2022-12-07 | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. |
CVE-2022-46161 | Critical | 10.0 | 2022-12-06 | pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of us… |
CVE-2022-30123 | Critical | 10.0 | 2022-12-05 | A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger com… |
CVE-2022-45822 | Critical | 10.0 | 2022-12-05 | Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. |
CVE-2022-41875 | Critical | 10.0 | 2022-11-23 | A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially… |
CVE-2022-42497 | Critical | 10.0 | 2022-11-18 | Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. |