2022 — CVEs disclosed (Default sort: published descending; newest first.)

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Showing 2140 of 27521 results
«« First « Prev Page 2 / 1377 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2022-23826 A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity. 1.8 0.08% 2026-05-14 2026-06-17
CVE-2022-4988 Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other images libraries that also have known vulnerabilities. 7.3 0.29% 2026-05-11 2026-06-17
CVE-2022-50970 WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can craft URLs with XSS payloads in the tab parameter of the aawp-settings admin page to execute arbitrary JavaScript in the context of authenticated users. 5.1 0.17% 2026-05-10 2026-06-17
CVE-2022-50969 uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. 5.1 0.25% 2026-05-10 2026-06-17
CVE-2022-50968 uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. 5.1 0.25% 2026-05-10 2026-06-17
CVE-2022-50967 uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. 5.1 0.25% 2026-05-10 2026-06-17
CVE-2022-50966 uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. 5.1 0.25% 2026-05-10 2026-06-17
CVE-2022-50965 uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. 5.1 0.25% 2026-05-10 2026-06-17
CVE-2022-50964 uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. 5.1 0.25% 2026-05-10 2026-06-17
CVE-2022-50963 uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/active module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. 5.1 0.25% 2026-05-10 2026-06-17
CVE-2022-50962 uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests that execute in victims' browsers. 5.1 0.25% 2026-05-10 2026-06-17
CVE-2022-50961 WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code through the Frontend Settings interface. Attackers can inject malicious scripts in the URL field of the Display page settings that execute when administrators or other authenticated users visit the plugin settings page. 5.1 0.19% 2026-05-10 2026-06-17
CVE-2022-50960 WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary JavaScript in administrator browsers. 5.1 0.19% 2026-05-10 2026-06-17
CVE-2022-50959 WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft malicious URLs to code_generator.php with script payloads in the form_id parameter to execute arbitrary JavaScript in victim browsers. 5.1 0.21% 2026-05-10 2026-06-17
CVE-2022-50958 WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter to execute arbitrary JavaScript in victim browsers. 5.1 0.20% 2026-05-10 2026-06-17
CVE-2022-50957 Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avatar_uploader.pages.inc to execute arbitrary JavaScript in victim browsers. 5.1 0.24% 2026-05-10 2026-06-17
CVE-2022-50956 WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server. 6.9 0.15% 2026-05-10 2026-06-17
CVE-2022-50955 WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page with curtain parameters to toggle maintenance mode without valid nonce validation. 5.3 0.13% 2026-05-10 2026-06-17
CVE-2022-50954 WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tblight.php. Attackers can supply path traversal sequences through the controller GET parameter to include arbitrary files outside the intended controllers directory. 6.9 0.39% 2026-05-10 2026-06-17
CVE-2022-50949 WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers through the plugin options panel to execute arbitrary JavaScript when administrators view or edit video settings. 5.1 0.19% 2026-05-10 2026-06-17
«« First « Prev Page 2 / 1377 Next »
cvelogic Threat Intelligence