130 CVEs published in 2022. 130 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
130 fix guides from 2022 ⚠ 130 actively exploited (CISA KEV)
CVE-2022-0543 is a remote code execution flaw in Redis. Verified patched version and mitigations from the official advisory.
CVE-2022-1040 is a vulnerability in Sophos Firewall. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-1388 is the F5 BIG-IP iControl REST auth bypass that gives root command execution. Patched builds and TMUI lockdown for emergency m
CVE-2022-20699 is the SSL VPN RCE in the Cisco RV Series bundle. Public exploit code exists. Patch or replace the hardware.
CVE-2022-20700 is part of the Cisco RV160/RV260/RV340/RV345 bundle. Same advisory and same fix as CVE-2022-20708.
CVE-2022-20701 is part of the Cisco RV160/RV260/RV340/RV345 bundle. Same advisory and same fix as CVE-2022-20708.
CVE-2022-20703 is part of the Cisco RV160/RV260/RV340/RV345 bundle. Same advisory and same fix as CVE-2022-20708.
CVE-2022-20708 is part of the unpatched Cisco RV160/RV260/RV340/RV345 bundle. Mitigation steps and the end-of-life reality.
CVE-2022-21445 - Insecure Deserialization in Application Development Framework (ADF). Runnable patch commands and verification on this page.
CVE-2022-21587 lets unauthenticated attackers run code via Oracle Web Applications Desktop Integrator in E-Business Suite. Critical Patch Up
CVE-2022-22536 is an HTTP request smuggling flaw in SAP Content Server, SAP NetWeaver and ABAP Platform, SAP Web Dispatcher. Verified patched
CVE-2022-22587 is a denial of service flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
Improper Control of Generation of Code ('Code Injection') in Spring Cloud Gateway (VMware). Actively exploited. Verified patched versions and
Remote Code Execution in VMware Workspace ONE Access and Identity Manager. Actively exploited. Verified patched versions and remediation ste
CVE-2022-22963 is a code injection flaw in Spring Cloud Function. Verified patched version and mitigations from the official advisory.
Remote Code Execution in Spring Framework (VMware). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-23131 is an authentication bypass in Frontend. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2022-23227 is a security vulnerability in NUUO NVRmini2 through. Verified patched version and mitigations from the official advisor
CVE-2022-24086 is the Adobe Commerce / Magento improper input validation that gives unauthenticated RCE. Apply APSB22-12 hotfix and rotate M
CVE-2022-24112 is an authentication bypass by spoofing flaw in Apache APISIX. Verified patched version and mitigations from the official adv
CVE-2022-24706 is an insecure default initialization flaw in Apache CouchDB. Verified patched version and mitigations from the official advi
CVE-2022-24816 is a code injection in jai-ext. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-24990 is a security vulnerability in TerraMaster NAS. Verified patched version and mitigations from the official advisory.
CVE-2022-26134 is a security vulnerability in Confluence Data Center, Confluence Server. Verified patched version and mitigations from
CVE-2022-26138 is a hardcoded credentials flaw in Questions For Confluence. Verified patched version and mitigations from the official advis
Denial of Service in MiCollab, MiVoice Business Express (Mitel). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-26258 is a remote code execution flaw in DIR-820L. Verified patched version and mitigations from the official advisory.
Security Vulnerability in Firebox and XTM Appliances (WatchGuard). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-26352 is a remote code execution flaw in dotCMS. Verified patched version and mitigations from the official advisory.
Use-After-Free in Firefox (Mozilla). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-26501 is a security vulnerability in Backup & Replication. Verified patched version and mitigations from the official advisory
CVE-2022-26871 is a remote code execution flaw in Trend Micro Apex Central. Verified patched version and mitigations from the official advis
CVE-2022-27518 is the Citrix ADC / Gateway zero-day exploited by APT5 against defense contractors in 2022. Patched builds and SAML configura
CVE-2022-27593: a server-side request forgery (SSRF) in Photo Station. Patched version and vendor advisory inside.
CVE-2022-29303 is a command injection flaw in Compact. Verified patched version and mitigations from the official advisory.
CVE-2022-29464 is a vulnerability in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-29499 is a remote code execution flaw in MiVoice Connect. Verified patched version and mitigations from the official advisory.
CVE-2022-30525: an OS command injection in USG FLEX 100(W) firmware. Patched version and vendor advisory inside.
CVE-2022-3075 is a security vulnerability in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-31199 is a remote code execution flaw in Auditor. Verified patched version and mitigations from the official advisory.
CVE-2022-3236 is a vulnerability in Sophos Firewall. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-35405 is a remote code execution flaw in Zoho ManageEngine Password Manager Pro. Verified patched version and mitigations from the
CVE-2022-35914 is a security vulnerability in GLPI. Verified patched version and mitigations from the official advisory.
CVE-2022-37042 is a remote code execution flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the offici
CVE-2022-37055 is a memory corruption flaw in Routers. Verified patched version and mitigations from the official advisory.
CVE-2022-40684 lets unauthenticated attackers bypass admin authentication on Fortinet appliances. Public exploit code exists. Patch and lock
CVE-2022-4135 is a memory corruption flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-41352 is a path traversal flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the official advi
CVE-2022-42475 is a memory corruption in FortiProxy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-42948 is a remote code execution flaw in Cobalt Strike. Verified patched version and mitigations from the official advisory.
CVE-2022-44877 is a security vulnerability in Control Web Panel. Verified patched version and mitigations from the official advisory.
CVE-2022-46169 is an OS command injection in Cacti. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-47966 is a remote code execution flaw in ManageEngine. Verified patched version and mitigations from the official advisory.
CVE-2022-47986 is the IBM Aspera Faspex YAML deserialization that gives unauthenticated RCE. IceFire ransomware used it. Patched version and
CVE-2022-0028 is a denial of service in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-0185 is an integer overflow flaw in kernel. Verified patched version and mitigations from the official advisory.
CVE-2022-0609 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CWE-281 in kernel (Linux). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-1096 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-1364 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-20775 is a path traversal in Cisco Catalyst SD-WAN. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2022-21882 is an out-of-bounds write in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2022-21919: Improper Link Resolution Before File Access in Microsoft Windows. Runnable fix commands and patched builds.
CVE-2022-21971 access of uninitialized pointer in Windows 10 Version 1809. Runnable upgrade commands and verification steps for sysadmins.
CVE-2022-21999 is a Path Traversal flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2022-22047 is an untrusted search path in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-22071 is a Use-After-Free flaw in Qualcomm, Inc. Snapdragon Auto. Actively exploited per CISA KEV. Verified patched builds and fix
CVE-2022-22620 is a remote code execution flaw in Safari (v and ), macOS. Verified patched version and mitigations from the official advisor
CVE-2022-22675 is a denial of service flaw in iOS and iPadOS, macOS, watchOS. Verified patched version and mitigations from the official adv
CVE-2022-22706 is a security vulnerability in Arm Mali GPU Kernel Driver. Verified patched version and mitigations from the official ad
CVE-2022-22718 is an Elevation of Privilege flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable
CVE-2022-2294 is a memory corruption flaw in Chrome. Verified patched version and mitigations from the official advisory.
Privilege Escalation in VMware Workspace ONE Access. Actively exploited. Verified patched versions and remediation steps.
Security Vulnerability in Firebox and XTM (WatchGuard). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-23748 is a process control flaw in Audinate Dante Application Library for Windows. Verified patched version and mitigations from th
CVE-2022-24521 is an Out-of-Bounds Write flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix
Use-After-Free in Firefox (Mozilla). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-26500 is a security vulnerability in Backup & Replication. Verified patched version and mitigations from the official advisory
CVE-2022-26904 is a Race Condition flaw in Microsoft Windows. Actively exploited per CISA KEV. Verified patched builds and runnable fix comm
CVE-2022-26923 improper certificate validation in Windows 10 Version 1809. Runnable upgrade commands and verification steps for sysadmins.
CVE-2022-26925 missing authentication for critical function in Windows 10 Version 1809. Runnable upgrade commands and verification steps for
CVE-2022-27924 is a security vulnerability in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the offic
CVE-2022-27925 is a path traversal flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the official advi
CVE-2022-30190 is a remote code execution in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-30333 is a path traversal flaw in RARLAB UnRAR. Verified patched version and mitigations from the official advisory.
CVE-2022-3038 is a use-after-free flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-32893 is a remote code execution flaw in Safari, iOS and iPadOS, macOS. Verified patched version and mitigations from the official
CVE-2022-32894 is a denial of service flaw in iOS and iPadOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2022-32917 is a denial of service flaw in iOS, macOS. Verified patched version and mitigations from the official advisory.
CVE-2022-33891 is an OS command injection flaw in Apache Spark. Verified patched version and mitigations from the official advisory.
CVE-2022-34713 is a remote code execution in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-36537 is a security vulnerability in ZK Framework. Verified patched version and mitigations from the official advisory.
CVE-2022-36804 is a security vulnerability in Bitbucket Data Center, Bitbucket Server. Verified patched version and mitigations from th
CVE-2022-3723 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-37969 is an out-of-bounds write in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2022-38028 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-38181 is a security vulnerability in The Arm Mali GPU kernel driver. Verified patched version and mitigations from the officia
CVE-2022-40139 is a remote code execution flaw in Trend Micro Apex One. Verified patched version and mitigations from the official advisory.
CVE-2022-40799 is a security vulnerability in DNR-322L. Verified patched version and mitigations from the official advisory.
CVE-2022-41033 access of resource using incompatible type ('type confusion') in Windows 10 Version 1809. Runnable upgrade commands and verif
CVE-2022-41040 server-side request forgery (SSRF) in Microsoft Exchange Server 2013 Cumulative Update 23. Runnable upgrade commands and veri
CVE-2022-41073 is an out-of-bounds write in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2022-41080 security vulnerability in Microsoft Exchange Server 2016 Cumulative Update 23. Runnable upgrade commands and verification ste
CVE-2022-41082 deserialization of untrusted data in Microsoft Exchange Server 2013 Cumulative Update 23. Runnable upgrade commands and verif
CVE-2022-41125 is an out-of-bounds write in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2022-41128 is an out-of-bounds write in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2022-4262 is a type confusion flaw in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-42827 is a denial of service flaw in iOS and iPadOS. Verified patched version and mitigations from the official advisory.
CVE-2022-42856 is a remote code execution flaw in tvOS. Verified patched version and mitigations from the official advisory.
CVE-2022-43769: a vulnerability in Pentaho Business Analytics Server. Patched version and vendor advisory inside.
CVE-2022-43939: Use of Non-Canonical URL Paths for Authorization Decisions in Hitachi Vantara Pentaho Business Analytics Server. Patched bui
CVE-2022-20821: an information disclosure in Cisco IOS XR Software. Patched version and vendor advisory inside.
CVE-2022-22265: Improper Check or Handling of Exceptional Conditions in Samsung Mobile Samsung Mobile Devices. Patched builds and fix steps.
CVE-2022-22674 is a memory corruption flaw in macOS. Verified patched version and mitigations from the official advisory.
CVE-2022-22948 is an information disclosure flaw in VMware vCenter Server and VMware Cloud Foundation. Verified patched version and mitigati
Security Vulnerability in Zimbra Collaborate Suite (ZCS) (Synacor). Actively exploited. Verified patched versions and remediation steps.
CVE-2022-2586 is a Use-After-Free flaw in The Linux Kernel Organization linux. Actively exploited per CISA KEV. Verified patched builds and
CVE-2022-27926 is a cross-site scripting flaw in Zimbra Collaboration Suite (ZCS). Verified patched version and mitigations from the officia
CVE-2022-2856 is a security vulnerability in Chrome. Verified patched version and mitigations from the official advisory.
CVE-2022-28810 is a security vulnerability in Zoho ManageEngine ADSelfService Plus. Verified patched version and mitigations from the o
CVE-2022-39197 is a cross-site scripting flaw in Cobalt Strike. Verified patched version and mitigations from the official advisory.
CVE-2022-40765 is a security vulnerability in MiVoice Connect. Verified patched version and mitigations from the official advisory.
CVE-2022-41049 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-41091 is an incorrect authorization in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2022-41223 is a security vulnerability in MiVoice Connect. Verified patched version and mitigations from the official advisory.
CVE-2022-41328 is a path traversal in FortiOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2022-44698 is a security vulnerability in Windows 10 Version 1809. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2022-23134 is an Improper Access Control flaw in Zabbix Frontend. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2022-48503 is a Denial of Service flaw in Apple Safari. Actively exploited per CISA KEV. Verified patched builds and fix steps.
CVE-2022-48618 is a Denial of Service flaw in Apple iOS and iPadOS. Actively exploited per CISA KEV. Verified patched builds and fix steps.