CVE Explained

7 min read

99 of the most popular cybersecurity vulnerabilities & exploits (CVEs) from 2022

Approximately 25,227 CVEs were submitted in 2022. Our data looks at 99 of the most popular CVEs—based on the number of global searches each CVE generated.

Hassassin avatar

Hassassin,
Mar 16
2023

Cyber Apocalypse is an apocalypse-themed hacking event that we host for the cybersecurity community. In celebration of this year’s event, which takes players on a mission through space and time with 40+ hacking challenges, we analyzed the 99 most searched vulnerabilities and exposures (CVEs) reported in 2022. 

So what do CVEs have to do with saving the earth from a group of intergalactic attackers? 

CVEs are identifiers given to publicly disclosed information security flaws, and attackers can use them to exploit vulnerable systems. Knowing about 2022’s common vulnerabilities and exploits can therefore help you safeguard against them (and prevent a fictitious apocalypse!). 

Join Cyber Apocalypse 2023

Cyber Apocalypse 2023
  • Learn new techniques from content creators during the pre-event talks while they solve live challenges and share tips and tricks for Cyber Apocalypse 2023.

  • Win big. This year's prizes include HTB training services for teams, tons of swag, and more. 

  • Gain glory! Get your team's name on top of the scoreboard and show everyone how it's done.

Before we share the data, some background: 

  • Approximately 25,227 CVEs were submitted in 2022. We, however, look at 99 of the most popular vulnerabilities—based on the number of global searches each CVE generated (sourced from keyword research tool, Ahrefs). 

  • CVEs can be mapped to many vulnerability classes depending on how you categorize them. To keep things simple and share this data, we mapped them to OWASP’s list of vulnerabilities. This includes the OWASP Top 10 and the OWASP A11 list. (The A11 list defines vulnerabilities that are not in the OWASP Top 10, like Memory Management Errors). 

Most searched CVEs classified by OWASP vulnerability type

most popular cves by owasp type

Of the highest searched CVEs reported in 2022, Injection, Memory Management, and Insecure Design were the top three vulnerability types. Speaking of vulnerability categories: 

  • 39% of the CVEs were mapped to the Injection category: Injection vulnerabilities allow an attacker to relay malicious code through an application to another system. Common examples include OS command injections, SQL injections, and cross-site scripting (XSS).  

  • 24% of the CVEs were mapped to the Memory Management Errors category: Memory Management Errors relate to programming languages that are non-memory safe. This means when exploited, they allow an attacker to overwrite the memory of an application and influence a system. Common examples include buffer and heap overflows.

  • 16% of the CVEs were mapped to the Insecure Design category: Insecure Design is a broad category related to structural vulnerabilities or a lack of appropriate safeguards during software design. 

Top 10 most popular CVEs in 2022 (based on global search volume)

most popular cves of 2022
  1. CVE-2022-22965: The most popular CVE reported in 2022 (also known as Spring4Shell) is an extremely high-impact Injection vulnerability in Spring Framework that allows attackers to make changes remotely to a target system. 

  2. CVE-2022-1388: An Identification and Authentication Failure vulnerability that enables an unauthenticated attacker with network access to remotely execute commands on a target system. 

  3. CVE-2022-30190: An Injection vulnerability (also known as Folina) in which the Microsoft Windows Support Diagnostic Tool (MSDT) MSDT is called using the URL protocol from a calling application such as Word. 

  4. CVE-2022-26809: An Injection vulnerability that allows an unauthorized attacker can to send a specially crafted Remote Procedure Call (RPC) to remotely execute arbitrary code on a victim’s device.

  5. CVE-2022-0847: An Injection vulnerability (also known as Dirty Pipe) related to the new pipe buffer structure in the Linux Kernel that allows an unprivileged local user to use this flaw to write to pages in the page cache backed by read-only files, and as a result, escalate their privileges on a system.

  6. CVE-2022-0778: A Cryptographic Failure vulnerability that causes the OpenSSL library to enter an infinite loop when parsing an invalid certificate and can allow an attacker to trigger a Denial-of-Service (DoS). 

  7. CVE-2022-1096: An Injection vulnerability that uses type confusion in V8 in Google Chrome (prior to version 99.0.4844.84) to allow an authorized attacker to remotely read and write data on a victim’s machine. 

  8. CVE-2022-22963: An Injection vulnerability in the routing functionality of Spring Cloud Function that allows an attacker to arbitrarily run commands or code on a compromised system. 

  9. CVE-2022-21449: A Broken Access Control vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. 

  10. CVE-2022-26925: An Identification and Authentication Failure vulnerability that allows unauthenticated attackers to remotely exploit and force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol. 

99 of the most searched cybersecurity exploits and weaknesses from 2022

CVE

Global volume

OWASP vulnerability type

cve-2022-22965

21,000

Injection

cve-2022-1388

20,000

Identification and Authentication Failures

cve-2022-30190

14,000

Injection

cve-2022-26809

13,000

Injection

cve-2022-0847

13,000

Injection

cve-2022-0778

12,000

Cryptographic Failures

cve-2022-1096

9,200

Memory Management Errors

cve-2022-22963

9,100

Injection

cve-2022-21449

8,600

Broken Access Control

cve-2022-26925

6,400

Identification and Authentication Failures

cve-2022-1292

5,300

Injection

cve-2022-21907

5,200

Injection

cve-2022-29072

4,700

Injection

cve-2022-0609

3,900

Memory Management Errors

cve-2022-23307

3,400

Insecure Design

cve-2022-0185

3,300

Memory Management Errors

cve-2022-22972

3,300

Identification and Authentication Failures

cve-2022-26923

3,200

Injection

cve-2022-22950

3,200

Insecure Design

cve-2022-22620

3,000

Injection

cve-2022-22720

2,800

Insecure Design

cve-2022-24521

2,800

Injection

cve-2022-22954

2,600

Injection

cve-2022-21476

2,600

Vulnerable and Outdated Components

cve-2022-1162

2,600

Insecure Design

cve-2022-0540

2,600

Identification and Authentication Failures

cve-2022-0492

2,500

Injection

cve-2022-1364

2,400

Memory Management Errors

cve-2022-24491

2,200

Injection

cve-2022-23305

2,100

Injection

cve-2022-23181

2,100

Security Misconfiguration

cve-2022-23302

2,100

Injection

cve-2022-1271

1,900

Broken Access Control

cve-2022-21882

1,900

Injection

cve-2022-22536

1,900

Insecure Design

cve-2022-24086

1,900

Identification and Authentication Failures

cve-2022-23943

1,800

Memory Management Errors

cve-2022-22973

1,700

Identification and Authentication Failures

cve-2022-24765

1,700

Insecure Design

cve-2022-29885

1,700

Security Misconfiguration

cve-2022-26500

1,700

Injection

cve-2022-29464

1,600

Insecure Design

cve-2022-21989

1,600

Injection

cve-2022-22719

1,500

Memory Management Errors

cve-2022-26937

1,400

Injection

cve-2022-29799

1,400

Insecure Design

cve-2022-27404

1,400

Memory Management Errors

cve-2022-0543

1,400

Memory Management Errors

cve-2022-26904

1,400

Injection

cve-2022-24823

1,300

Insecure Design

cve-2022-22947

1,200

Injection

cve-2022-24407

1,200

Injection

cve-2022-23812

1,200

Injection

cve-2022-22805

1,200

Memory Management Errors

cve-2022-21724

1,200

Insecure Design

cve-2022-20695

1,200

Identification and Authentication Failures

cve-2022-29972

1,100

Injection

cve-2022-0715

1,100

Identification and Authentication Failures

cve-2022-26485

1,100

Memory Management Errors

cve-2022-26143

1,100

Identification and Authentication Failures

cve-2022-28391

1,100

Identification and Authentication Failures

cve-2022-0811

1,100

Injection

cve-2022-25235

1,100

Insecure Design

cve-2022-22587

1,100

Memory Management Errors

cve-2022-21990

1,100

Injection

cve-2022-24497

1,100

Injection

cve-2022-3942

1,000

Injection

cve-2022-1015

1,000

Memory Management Errors

cve-2022-22968

1,000

Insecure Design

cve-2022-23852

1,000

Memory Management Errors

cve-2022-22721

1,000

Memory Management Errors

cve-2022-20699

900

Memory Management Errors

cve-2022-22012

900

Injection

cve-2022-23677

900

Injection

cve-2022-29155

900

Injection

cve-2022-22806

900

Insecure Design

cve-2022-1040

900

Identification and Authentication Failures

cve-2022-22675

800

Memory Management Errors

cve-2022-22718

800

Injection

cve-2022-23676

800

Injection

cve-2022-1802

800

Injection

cve-2022-25315

800

Memory Management Errors

cve-2022-26318

800

Memory Management Errors

cve-2022-1552

800

Injection

cve-2022-21426

800

Insecure Design

cve-2022-26486

700

Memory Management Errors

cve-2022-22784

700

Injection

cve-2022-30525

700

Injection

cve-2022-25236

700

Security Misconfiguration

cve-2022-22970

700

Insecure Design

cve-2022-23218

700

Memory Management Errors

cve-2022-23219

700

Memory Management Errors

cve-2022-26931

700

Injection

cve-2022-22674

600

Memory Management Errors

cve-2022-22822

600

Memory Management Errors

cve-2022-23990

600

Memory Management Errors

cve-2022-1183

600

Security Misconfiguration

cve-2022-21496

600

Insecure Design

cve-2022-20821

400

Identification and Authentication Failures

Learn and compete with the best hackers in the world

We hope you enjoyed learning about some of the most popular security vulnerabilities and exploits from last year! If you're up for the challenge, join Cyber Apocalpyse 2023 to learn new techniques, meet other hackers, and push your skills to the limit.

Sign up for Cyber Apocalypse 2023

Alternatively, check out the Hack The Box Academy for guided cybersecurity training courses or our hacking Labs and Machines designed around emerging high-risk vulnerabilities and active threats in the cyber landscape. 

Author bio: Hassan Ud-deen (hassassin), Content Marketing Manager, Hack The Box

Hassan Ud-deen is the Content Marketing Manager at Hack The Box. He's fascinated by cybersecurity, enjoys interviewing tech professionals, and when the mood strikes him occasionally tinkers within a Linux terminal in a dark room with his (HTB) hoodie on. #noob. Feel free to connect with him on LinkedIn.

Hack The Blog

The latest news and updates, direct from Hack The Box