LiveActive security incident?Get immediate response
CVE archive

2022 CVE Archive

Browse CVE records published in 2022 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 26421 matching CVEs · Page 1 of 529.

High · CVSS 7.5

CVE-2022-47879: A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated us...

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The vendor states that the vulnerability affects installations running version 22.5 or earlier. The issue was resolved with version 23.2 and later versions are not affected.

Published May 12, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2022-45608: An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escal...

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).

Published Mar 1, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2022-45597: ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."

Published Mar 24, 2023 · Updated Jul 9, 2026

High · CVSS 7.2

CVE-2022-45589: All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulne...

All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version.

Published Feb 6, 2023 · Updated Jul 9, 2026

High · CVSS 7.8

CVE-2022-45588: All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Ent...

All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input.

Published Feb 3, 2023 · Updated Jul 9, 2026

Medium · CVSS 5.4

CVE-2022-44948: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entit...

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".

Published Dec 2, 2022 · Updated Jul 9, 2026

Medium · CVSS 5.4

CVE-2022-44947: Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highl...

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add".

Published Dec 2, 2022 · Updated Jul 9, 2026