CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-30337 Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin <= 4.4.8 at WordPress allows an attacker to update the social settings. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-35899 There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe ... | 7.8 | HIGH | — | 0 |
| CVE-2022-30536 Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. | 3.4 | LOW | — | 0 |
| CVE-2022-33198 Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34487 Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-20891 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-0971 Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted... | 8.8 | HIGH | — | 0 |
| CVE-2022-0972 Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML ... | 8.8 | HIGH | — | 0 |
| CVE-2022-0973 Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 | CRITICAL | — | 0 |
| CVE-2022-0974 Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corr... | 8.8 | HIGH | — | 0 |
| CVE-2022-0975 Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2022-0976 Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2022-2139 The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-0977 Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corru... | 9.6 | CRITICAL | — | 0 |
| CVE-2022-20892 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20893 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20894 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-2142 The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | 8.1 | HIGH | — | 0 |
| CVE-2022-20895 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20896 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20897 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20898 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20899 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20900 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20901 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20902 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20903 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20904 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20906 Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validati... | 6.0 | MEDIUM | — | 0 |
| CVE-2022-20907 Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validati... | 6.0 | MEDIUM | — | 0 |
| CVE-2022-20908 Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validati... | 6.0 | MEDIUM | — | 0 |
| CVE-2022-20909 Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validati... | 6.0 | MEDIUM | — | 0 |
| CVE-2022-20910 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20911 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-20912 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-1539 The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE func... | 8.8 | HIGH | — | 0 |
| CVE-2022-20916 A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the i... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-2493 Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. | 8.1 | HIGH | — | 0 |
| CVE-2022-2494 Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-2495 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21. | 4.8 | MEDIUM | — | 0 |
| CVE-2022-31162 Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was... | 7.5 | HIGH | — | 0 |
| CVE-2022-31163 TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ru... | 7.5 | HIGH | — | 0 |
| CVE-2022-36993 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenti... | 8.8 | HIGH | — | 0 |
| CVE-2022-31164 Tovy is a a staff management system for Roblox groups. A vulnerability in versions prior to 0.7.51 allows users to log in as other users, including privileged users such as the other of the instance. ... | 7.5 | HIGH | — | 0 |
| CVE-2022-31169 Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtim... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-31170 OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning `false`. `ERC165Checker.supportsInterface`... | 7.5 | HIGH | — | 0 |
| CVE-2022-31172 OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. `SignatureChecker.isValidSignatureNow` is not expected ... | 7.5 | HIGH | — | 0 |
| CVE-2022-2327 io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing s... | 7.5 | HIGH | — | 0 |
| CVE-2022-31168 Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administra... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-36131 The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page. | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.