Search
On this page ▾

KEV 2022

130 CISA Known Exploited Vulnerabilities from 2022

Critical 53

December 2025

CVE-2022-37055

D-Link Routers — D-Link Routers Buffer Overflow Vulnerability

CVSS 9.8

December 2024

CVE-2022-23227

NUUO NVRmini2 Devices — NUUO NVRmini2 Devices Missing Authentication Vulnerability

CVSS 9.8

September 2024

CVE-2022-21445

Oracle ADF Faces — Oracle ADF Faces Deserialization of Untrusted Data Vulnerability

CVSS 9.8

June 2024

CVE-2022-24816

OSGeo JAI-EXT — OSGeo GeoServer JAI-EXT Code Injection Vulnerability

CVSS 10

July 2023

CVE-2022-29303

SolarView Compact — SolarView Compact Command Injection Vulnerability

CVSS 9.8
CVE-2022-31199

Netwrix Auditor — Netwrix Auditor Insecure Object Deserialization Vulnerability

CVSS 9.8

March 2023

CVE-2022-42948

Fortra Cobalt Strike — Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability

CVSS 9.8
CVE-2022-35914

Teclib GLPI — Teclib GLPI Remote Code Execution Vulnerability

CVSS 9.8

February 2023

CVE-2022-47986

IBM Aspera Faspex — IBM Aspera Faspex Code Execution Vulnerability

CVSS 9.8
CVE-2022-46169

Cacti Cacti — Cacti Command Injection Vulnerability

CVSS 9.8
CVE-2022-21587

Oracle E-Business Suite — Oracle E-Business Suite Unspecified Vulnerability

CVSS 9.8

January 2023

CVE-2022-47966

Zoho ManageEngine — Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

CVSS 9.8
CVE-2022-44877

CWP Control Web Panel — CWP Control Web Panel OS Command Injection Vulnerability

CVSS 9.8

December 2022

CVE-2022-26501

Veeam Backup & Replication — Veeam Backup & Replication Remote Code Execution Vulnerability

CVSS 9.8
CVE-2022-27518

Citrix Application Delivery Controller (ADC) and Gateway — Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

CVSS 9.8
CVE-2022-42475

Fortinet FortiOS — Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

CVSS 9.8

November 2022

CVE-2022-4135

Google Chromium GPU — Google Chromium GPU Heap Buffer Overflow Vulnerability

CVSS 9.6

October 2022

CVE-2022-41352

Zimbra ZCS — Unauthenticated Webshell Deployment via Amavis cpio Archive Extraction to Web Root

CVSS 9.8
CVE-2022-40684

Fortinet Multiple Products — Fortinet Multiple Products Authentication Bypass Vulnerability

CVSS 9.8

September 2022

CVE-2022-27593

QNAP Photo Station — QNAP Photo Station Externally Controlled Reference Vulnerability

CVSS 10
CVE-2022-3236

Sophos Firewall — Sophos Firewall Code Injection Vulnerability

CVSS 9.8
CVE-2022-35405

Zoho ManageEngine — Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

CVSS 9.8
CVE-2022-26258

D-Link DIR-820L — D-Link DIR-820L Remote Code Execution Vulnerability

CVSS 9.8
CVE-2022-3075

Google Chromium Mojo — Google Chromium Mojo Insufficient Data Validation Vulnerability

CVSS 9.6

August 2022

CVE-2022-22536

SAP Multiple Products — SAP Multiple Products HTTP Request Smuggling Vulnerability

CVSS 10
CVE-2022-22963

VMware Tanzu Spring Cloud — VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability

CVSS 9.8
CVE-2022-24112

Apache APISIX — Apache APISIX Authentication Bypass Vulnerability

CVSS 9.8
CVE-2022-24706

Apache CouchDB — Apache CouchDB Insecure Default Initialization of Resource Vulnerability

CVSS 9.8
CVE-2022-26352

dotCMS dotCMS — dotCMS Unrestricted Upload of File Vulnerability

CVSS 9.8
CVE-2022-37042

Zimbra ZCS — Authentication Bypass in mboximport Enabling Unauthenticated File Upload and Remote Code Execution

CVSS 9.8

July 2022

CVE-2022-26138

Atlassian Confluence — Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

CVSS 9.8

June 2022

CVE-2022-29499

Mitel MiVoice Connect — Mitel MiVoice Connect Data Validation Vulnerability

CVSS 9.8
CVE-2022-26134

Atlassian Confluence 'OGNL Injection' — Pre-Auth Remote Code Execution via URL Path Expression Language Injection

CVSS 9.8

May 2022

CVE-2022-22947

VMware Spring Cloud Gateway — VMware Spring Cloud Gateway Code Injection Vulnerability

CVSS 10
CVE-2022-30525

Zyxel Multiple Firewalls — Zyxel Multiple Firewalls OS Command Injection Vulnerability

CVSS 9.8
CVE-2022-1388

F5 BIG-IP — iControl REST API Authentication Bypass Enables Unauthenticated Remote Code Execution as Root

CVSS 9.8

April 2022

CVE-2022-29464

WSO2 Multiple Products — WSO2 Multiple Products Unrestrictive Upload of File Vulnerability

CVSS 9.8
CVE-2022-22954

VMware Workspace ONE Access and Identity Manager — VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability

CVSS 9.8
CVE-2022-22965

VMware Spring Framework — Spring Framework JDK 9+ Remote Code Execution Vulnerability

CVSS 9.8

March 2022

CVE-2022-0543

Redis Debian-specific Redis Servers — Debian-specific Redis Server Lua Sandbox Escape Vulnerability

CVSS 10
CVE-2022-20699

Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

CVSS 10
CVE-2022-20700

Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

CVSS 10
CVE-2022-20701

Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

CVSS 10
CVE-2022-20703

Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

CVSS 10
CVE-2022-20708

Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers — Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

CVSS 10
CVE-2022-1040

Sophos Firewall — Sophos Firewall Authentication Bypass Vulnerability

CVSS 9.8
CVE-2022-26871

Trend Micro Apex Central — Trend Micro Apex Central Arbitrary File Upload Vulnerability

CVSS 9.8
CVE-2022-26143

Mitel MiCollab, MiVoice Business Express — MiCollab, MiVoice Business Express Access Control Vulnerability

CVSS 9.8
CVE-2022-26318

WatchGuard Firebox and XTM Appliances — WatchGuard Firebox and XTM Appliances Arbitrary Code Execution

CVSS 9.8
CVE-2022-26486

Mozilla Firefox — Mozilla Firefox Use-After-Free Vulnerability

CVSS 9.6

February 2022

CVE-2022-24086

Adobe Commerce and Magento Open Source — Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

CVSS 9.8
CVE-2022-23131

Zabbix Frontend — Zabbix Frontend Authentication Bypass Vulnerability

CVSS 9.1

January 2022

CVE-2022-22587

Apple iOS and macOS — Apple Memory Corruption Vulnerability

CVSS 9.8

High 60

February 2026

CVE-2022-20775

Cisco SD-WAN CLI — Relative Path Traversal to Root, Re-Weaponised by UAT-8616 via Deliberate Firmware Downgrade in 2026 Campaign

CVSS 7.8

October 2025

CVE-2022-48503

Apple Multiple Products — Apple Multiple Products Unspecified Vulnerability

CVSS 8.8

August 2025

CVE-2022-40799

D-Link DNR-322L — D-Link DNR-322L Download of Code Without Integrity Check Vulnerability

CVSS 8.8

March 2025

CVE-2022-43769

Hitachi Vantara Pentaho Business Analytics (BA) Server — Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

CVSS 8.8
CVE-2022-43939

Hitachi Vantara Pentaho Business Analytics (BA) Server — Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

CVSS 8.6

February 2025

CVE-2022-23748

Audinate Dante Discovery — Dante Discovery Process Control Vulnerability

CVSS 7.8

August 2024

CVE-2022-0185

Linux Kernel — fsconfig Integer Underflow Allows Heap Overflow and Privilege Escalation via User Namespaces

CVSS 8.4

April 2024

CVE-2022-38028

Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulnerability

CVSS 7.8

January 2024

CVE-2022-48618

Apple Multiple Products — Apple Multiple Products Memory Corruption Vulnerability

CVSS 7

December 2023

CVE-2022-22071

Qualcomm Multiple Chipsets — Qualcomm Multiple Chipsets Use-After-Free Vulnerability

CVSS 8.4

March 2023

CVE-2022-3038

Google Chromium Network Service — Google Chromium Network Service Use-After-Free Vulnerability

CVSS 8.8
CVE-2022-38181

Arm Mali Graphics Processing Unit (GPU) — Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

CVSS 8.8
CVE-2022-33891

Apache Spark — Apache Spark Command Injection Vulnerability

CVSS 8.8
CVE-2022-22706

Arm Mali Graphics Processing Unit (GPU) — Arm Mali GPU Kernel Driver Unspecified Vulnerability

CVSS 7.8

February 2023

CVE-2022-36537

ZK Framework AuUploader — ZK Framework AuUploader Unspecified Vulnerability

CVSS 7.5
CVE-2022-24990

TerraMaster TerraMaster OS — TerraMaster OS Remote Command Execution Vulnerability

CVSS 7.5

January 2023

CVE-2022-41080

Microsoft Exchange Server — Microsoft Exchange Server Privilege Escalation Vulnerability

CVSS 8.8

December 2022

CVE-2022-42856

Apple iOS — Apple iOS Type Confusion Vulnerability

CVSS 8.8
CVE-2022-26500

Veeam Backup & Replication — Veeam Backup & Replication Remote Code Execution Vulnerability

CVSS 8.8
CVE-2022-4262

Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CVSS 8.8

November 2022

CVE-2022-41128

Microsoft Windows — Microsoft Windows Scripting Languages Remote Code Execution Vulnerability

CVSS 8.8
CVE-2022-41073

Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulnerability

CVSS 7.8
CVE-2022-41125

Microsoft Windows — Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

CVSS 7.8

October 2022

CVE-2022-3723

Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CVSS 8.8
CVE-2022-42827

Apple iOS and iPadOS — Apple iOS and iPadOS Out-of-Bounds Write Vulnerability

CVSS 7.8
CVE-2022-41033

Microsoft Windows COM+ Event System Service — Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability

CVSS 7.8

September 2022

CVE-2022-36804

Atlassian Bitbucket Server and Data Center — Atlassian Bitbucket Server and Data Center Command Injection Vulnerability

CVSS 8.8
CVE-2022-41040

Microsoft Exchange Server — Microsoft Exchange Server Server-Side Request Forgery Vulnerability

CVSS 8.8
CVE-2022-41082

Microsoft Exchange Server — Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS 8
CVE-2022-32917

Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability

CVSS 7.8
CVE-2022-37969

Microsoft Windows — Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

CVSS 7.8
CVE-2022-40139

Trend Micro Apex One and Apex One as a Service — Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability

CVSS 7.2

August 2022

CVE-2022-2294

WebRTC WebRTC — WebRTC Heap Buffer Overflow Vulnerability

CVSS 8.8
CVE-2022-26923

Microsoft Active Directory — Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

CVSS 8.8
CVE-2022-32893

Apple iOS and macOS — Apple iOS and macOS Out-of-Bounds Write Vulnerability

CVSS 8.8
CVE-2022-0028

Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability

CVSS 8.6
CVE-2022-21971

Microsoft Windows — Microsoft Windows Runtime Remote Code Execution Vulnerability

CVSS 7.8
CVE-2022-32894

Apple iOS and macOS — Apple iOS and macOS Out-of-Bounds Write Vulnerability

CVSS 7.8
CVE-2022-34713

Microsoft Windows — Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

CVSS 7.8
CVE-2022-30333

RARLAB UnRAR — RARLAB UnRAR Directory Traversal Vulnerability

CVSS 7.5
CVE-2022-27924

Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability

CVSS 7.5
CVE-2022-27925

Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

CVSS 7.2

July 2022

CVE-2022-26925

Microsoft Windows — Microsoft Windows LSA Spoofing Vulnerability

CVSS 8.1
CVE-2022-22047

Microsoft Windows — Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability

CVSS 7.8

June 2022

CVE-2022-30190

Microsoft Windows 'Follina' — MSDT URL Handler Invoked by Office Documents Allows Code Execution Without Macros

CVSS 7.8

April 2022

CVE-2022-1364

Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CVSS 8.8
CVE-2022-23176

WatchGuard Firebox and XTM — WatchGuard Firebox and XTM Privilege Escalation Vulnerability

CVSS 8.8
CVE-2022-0847

Linux Kernel 'Dirty Pipe' — Uninitialized Pipe Buffer Flag Permits Page Cache Overwrite for Local Privilege Escalation

CVSS 7.8
CVE-2022-22718

Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulnerability

CVSS 7.8
CVE-2022-22960

VMware Multiple Products — VMware Multiple Products Privilege Escalation Vulnerability

CVSS 7.8
CVE-2022-24521

Microsoft Windows — Microsoft Windows CLFS Driver Privilege Escalation Vulnerability

CVSS 7.8
CVE-2022-22675

Apple macOS — Apple macOS Out-of-Bounds Write Vulnerability

CVSS 7.8
CVE-2022-21919

Microsoft Windows — Microsoft Windows User Profile Service Privilege Escalation Vulnerability

CVSS 7
CVE-2022-26904

Microsoft Windows — Microsoft Windows User Profile Service Privilege Escalation Vulnerability

CVSS 7

March 2022

CVE-2022-1096

Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CVSS 8.8
CVE-2022-26485

Mozilla Firefox — Mozilla Firefox Use-After-Free Vulnerability

CVSS 8.8
CVE-2022-21999

Microsoft Windows — Microsoft Windows Print Spooler Privilege Escalation Vulnerability

CVSS 7.8

February 2022

CVE-2022-0609

Google Chromium Animation — Google Chromium Animation Use-After-Free Vulnerability

CVSS 8.8
CVE-2022-22620

Apple iOS, iPadOS, and macOS — Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability

CVSS 8.8
CVE-2022-21882

Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability

CVSS 7

Medium 16

July 2024

CVE-2022-22948

VMware vCenter Server — VMware vCenter Server Incorrect Default File Permissions Vulnerability

CVSS 6.5

June 2024

CVE-2022-2586

Linux Kernel — Linux Kernel Use-After-Free Vulnerability

CVSS 5.3

September 2023

CVE-2022-22265

Samsung Mobile Devices — Samsung Mobile Devices Use-After-Free Vulnerability

CVSS 5

April 2023

CVE-2022-27926

Synacor Zimbra Collaboration Suite (ZCS) — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

CVSS 6.1

March 2023

CVE-2022-28810

Zoho ManageEngine — Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability

CVSS 6.8
CVE-2022-41328

Fortinet FortiOS — Fortinet FortiOS Path Traversal Vulnerability

CVSS 6.7
CVE-2022-39197

Fortra Cobalt Strike — Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability

CVSS 6.1

February 2023

CVE-2022-40765

Mitel MiVoice Connect — Mitel MiVoice Connect Command Injection Vulnerability

CVSS 6.8
CVE-2022-41223

Mitel MiVoice Connect — Mitel MiVoice Connect Code Injection Vulnerability

CVSS 6.8

December 2022

CVE-2022-44698

Microsoft Defender — Microsoft Defender SmartScreen Security Feature Bypass Vulnerability

CVSS 5.4

November 2022

CVE-2022-41049

Microsoft Windows — Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

CVSS 5.4
CVE-2022-41091

Microsoft Windows — Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

CVSS 5.4

August 2022

CVE-2022-2856

Google Chromium Intents — Google Chromium Intents Insufficient Input Validation Vulnerability

CVSS 6.5

May 2022

CVE-2022-20821

Cisco IOS XR — Cisco IOS XR Open Port Vulnerability

CVSS 6.5

April 2022

CVE-2022-22674

Apple macOS — Apple macOS Out-of-Bounds Read Vulnerability

CVSS 5.5

February 2022

CVE-2022-24682

Zimbra ZCS Classic UI — Stored XSS via Calendar Attribute Injection, Exploited in the Wild from December 2021

CVSS 6.1

Low 1

February 2022

CVE-2022-23134

Zabbix Frontend — Zabbix Frontend Improper Access Control Vulnerability

CVSS 3.7
Gavin Hollinger & AI assembled this air-gap friendly HTML