99 of the most popular cybersecurity vulnerabilities & exploits (CVEs) from 2022

Approximately 25,227 CVEs were submitted in 2022. Our data looks at 99 of the most popular CVEs—based on the number of global searches each CVE generated.

Hassassin, Mar 16, 2023

Cyber Apocalypse is an apocalypse-themed hacking event that we host for the cybersecurity community. In celebration of this year’s event, which takes players on a mission through space and time with 40+ hacking challenges, we analyzed the 99 most searched vulnerabilities and exposures (CVEs) reported in 2022. 

So what do CVEs have to do with saving the earth from a group of intergalactic attackers? 

CVEs are identifiers given to publicly disclosed information security flaws, and attackers can use them to exploit vulnerable systems. Knowing about 2022’s common vulnerabilities and exploits can therefore help you safeguard against them (and prevent a fictitious apocalypse!). 

Join Cyber Apocalypse 2023

  • Learn new techniques from content creators during the pre-event talks while they solve live challenges and share tips and tricks for Cyber Apocalypse 2023.

  • Win big. This year's prizes include HTB training services for teams, tons of swag, and more. 

  • Gain glory! Get your team's name on top of the scoreboard and show everyone how it's done.

Before we share the data, some background: 

  • Approximately 25,227 CVEs were submitted in 2022. We, however, look at 99 of the most popular vulnerabilities, based on the number of global searches each CVE generated (sourced from the keyword research tool Ahrefs). 

  • CVEs can be mapped to many vulnerability classes depending on how you categorize them. To keep things simple and share this data, we mapped them to OWASP’s list of vulnerabilities. This includes the OWASP Top 10 and the OWASP A11 list. (The A11 list defines vulnerabilities that are not in the OWASP Top 10, like Memory Management Errors). 

Most searched CVEs classified by OWASP vulnerability type

[Figure: most popular CVEs by OWASP type]

Of the highest searched CVEs reported in 2022, Injection, Memory Management, and Insecure Design were the top three vulnerability types. Speaking of vulnerability categories: 

  • 39% of the CVEs were mapped to the Injection category: Injection vulnerabilities allow an attacker to relay malicious code through an application to another system. Common examples include OS command injections, SQL injections, and cross-site scripting (XSS).  

  • 24% of the CVEs were mapped to the Memory Management Errors category: Memory Management Errors relate to programming languages that are not memory-safe. When exploited, they allow an attacker to overwrite the memory of an application and influence a system. Common examples include buffer and heap overflows.

  • 16% of the CVEs were mapped to the Insecure Design category: Insecure Design is a broad category related to structural vulnerabilities or a lack of appropriate safeguards during software design. 

Top 10 most popular CVEs in 2022 (based on global search volume)

[Figure: most popular CVEs of 2022]

  1. CVE-2022-22965: The most popular CVE reported in 2022 (also known as Spring4Shell) is an extremely high-impact Injection vulnerability in Spring Framework that allows attackers to make changes remotely to a target system. 

  2. CVE-2022-1388: An Identification and Authentication Failure vulnerability that enables an unauthenticated attacker with network access to remotely execute commands on a target system. 

  3. CVE-2022-30190: An Injection vulnerability (also known as Follina) in which the Microsoft Windows Support Diagnostic Tool (MSDT) is called using the URL protocol from a calling application such as Word. 

  4. CVE-2022-26809: An Injection vulnerability that allows an unauthorized attacker to send a specially crafted Remote Procedure Call (RPC) to remotely execute arbitrary code on a victim’s device.

  5. CVE-2022-0847: An Injection vulnerability (also known as Dirty Pipe) related to the new pipe buffer structure in the Linux Kernel that allows an unprivileged local user to write to pages in the page cache backed by read-only files and, as a result, escalate their privileges on a system.

  6. CVE-2022-0778: A Cryptographic Failure vulnerability that causes the OpenSSL library to enter an infinite loop when parsing an invalid certificate and can allow an attacker to trigger a Denial-of-Service (DoS). 

  7. CVE-2022-1096: An Injection vulnerability that uses type confusion in V8 in Google Chrome (prior to version 99.0.4844.84) to allow an authorized attacker to remotely read and write data on a victim’s machine. 

  8. CVE-2022-22963: An Injection vulnerability in the routing functionality of Spring Cloud Function that allows an attacker to arbitrarily run commands or code on a compromised system. 

  9. CVE-2022-21449: A Broken Access Control vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE and Oracle GraalVM Enterprise Edition. 

  10. CVE-2022-26925: An Identification and Authentication Failure vulnerability that allows unauthenticated attackers to remotely exploit and force domain controllers to authenticate them via the Windows NT LAN Manager (NTLM) security protocol. 

99 of the most searched cybersecurity exploits and weaknesses from 2022

| CVE | Global volume | OWASP vulnerability type |
|---|---|---|
| cve-2022-22965 | 21,000 | Injection |
| cve-2022-1388 | 20,000 | Identification and Authentication Failures |
| cve-2022-30190 | 14,000 | Injection |
| cve-2022-26809 | 13,000 | Injection |
| cve-2022-0847 | 13,000 | Injection |
| cve-2022-0778 | 12,000 | Cryptographic Failures |
| cve-2022-1096 | 9,200 | Memory Management Errors |
| cve-2022-22963 | 9,100 | Injection |
| cve-2022-21449 | 8,600 | Broken Access Control |
| cve-2022-26925 | 6,400 | Identification and Authentication Failures |
| cve-2022-1292 | 5,300 | Injection |
| cve-2022-21907 | 5,200 | Injection |
| cve-2022-29072 | 4,700 | Injection |
| cve-2022-0609 | 3,900 | Memory Management Errors |
| cve-2022-23307 | 3,400 | Insecure Design |
| cve-2022-0185 | 3,300 | Memory Management Errors |
| cve-2022-22972 | 3,300 | Identification and Authentication Failures |
| cve-2022-26923 | 3,200 | Injection |
| cve-2022-22950 | 3,200 | Insecure Design |
| cve-2022-22620 | 3,000 | Injection |
| cve-2022-22720 | 2,800 | Insecure Design |
| cve-2022-24521 | 2,800 | Injection |
| cve-2022-22954 | 2,600 | Injection |
| cve-2022-21476 | 2,600 | Vulnerable and Outdated Components |
| cve-2022-1162 | 2,600 | Insecure Design |
| cve-2022-0540 | 2,600 | Identification and Authentication Failures |
| cve-2022-0492 | 2,500 | Injection |
| cve-2022-1364 | 2,400 | Memory Management Errors |
| cve-2022-24491 | 2,200 | Injection |
| cve-2022-23305 | 2,100 | Injection |
| cve-2022-23181 | 2,100 | Security Misconfiguration |
| cve-2022-23302 | 2,100 | Injection |
| cve-2022-1271 | 1,900 | Broken Access Control |
| cve-2022-21882 | 1,900 | Injection |
| cve-2022-22536 | 1,900 | Insecure Design |
| cve-2022-24086 | 1,900 | Identification and Authentication Failures |
| cve-2022-23943 | 1,800 | Memory Management Errors |
| cve-2022-22973 | 1,700 | Identification and Authentication Failures |
| cve-2022-24765 | 1,700 | Insecure Design |
| cve-2022-29885 | 1,700 | Security Misconfiguration |
| cve-2022-26500 | 1,700 | Injection |
| cve-2022-29464 | 1,600 | Insecure Design |
| cve-2022-21989 | 1,600 | Injection |
| cve-2022-22719 | 1,500 | Memory Management Errors |
| cve-2022-26937 | 1,400 | Injection |
| cve-2022-29799 | 1,400 | Insecure Design |
| cve-2022-27404 | 1,400 | Memory Management Errors |
| cve-2022-0543 | 1,400 | Memory Management Errors |
| cve-2022-26904 | 1,400 | Injection |
| cve-2022-24823 | 1,300 | Insecure Design |
| cve-2022-22947 | 1,200 | Injection |
| cve-2022-24407 | 1,200 | Injection |
| cve-2022-23812 | 1,200 | Injection |
| cve-2022-22805 | 1,200 | Memory Management Errors |
| cve-2022-21724 | 1,200 | Insecure Design |
| cve-2022-20695 | 1,200 | Identification and Authentication Failures |
| cve-2022-29972 | 1,100 | Injection |
| cve-2022-0715 | 1,100 | Identification and Authentication Failures |
| cve-2022-26485 | 1,100 | Memory Management Errors |
| cve-2022-26143 | 1,100 | Identification and Authentication Failures |
| cve-2022-28391 | 1,100 | Identification and Authentication Failures |
| cve-2022-0811 | 1,100 | Injection |
| cve-2022-25235 | 1,100 | Insecure Design |
| cve-2022-22587 | 1,100 | Memory Management Errors |
| cve-2022-21990 | 1,100 | Injection |
| cve-2022-24497 | 1,100 | Injection |
| cve-2022-3942 | 1,000 | Injection |
| cve-2022-1015 | 1,000 | Memory Management Errors |
| cve-2022-22968 | 1,000 | Insecure Design |
| cve-2022-23852 | 1,000 | Memory Management Errors |
| cve-2022-22721 | 1,000 | Memory Management Errors |
| cve-2022-20699 | 900 | Memory Management Errors |
| cve-2022-22012 | 900 | Injection |
| cve-2022-23677 | 900 | Injection |
| cve-2022-29155 | 900 | Injection |
| cve-2022-22806 | 900 | Insecure Design |
| cve-2022-1040 | 900 | Identification and Authentication Failures |
| cve-2022-22675 | 800 | Memory Management Errors |
| cve-2022-22718 | 800 | Injection |
| cve-2022-23676 | 800 | Injection |
| cve-2022-1802 | 800 | Injection |
| cve-2022-25315 | 800 | Memory Management Errors |
| cve-2022-26318 | 800 | Memory Management Errors |
| cve-2022-1552 | 800 | Injection |
| cve-2022-21426 | 800 | Insecure Design |
| cve-2022-26486 | 700 | Memory Management Errors |
| cve-2022-22784 | 700 | Injection |
| cve-2022-30525 | 700 | Injection |
| cve-2022-25236 | 700 | Security Misconfiguration |
| cve-2022-22970 | 700 | Insecure Design |
| cve-2022-23218 | 700 | Memory Management Errors |
| cve-2022-23219 | 700 | Memory Management Errors |
| cve-2022-26931 | 700 | Injection |
| cve-2022-22674 | 600 | Memory Management Errors |
| cve-2022-22822 | 600 | Memory Management Errors |
| cve-2022-23990 | 600 | Memory Management Errors |
| cve-2022-1183 | 600 | Security Misconfiguration |
| cve-2022-21496 | 600 | Insecure Design |
| cve-2022-20821 | 400 | Identification and Authentication Failures |

Learn and compete with the best hackers in the world

We hope you enjoyed learning about some of the most popular security vulnerabilities and exploits from last year! If you're up for the challenge, join Cyber Apocalypse 2023 to learn new techniques, meet other hackers, and push your skills to the limit.

Sign up for Cyber Apocalypse 2023

Alternatively, check out the Hack The Box Academy for guided cybersecurity training courses or our hacking Labs and Machines designed around emerging high-risk vulnerabilities and active threats in the cyber landscape. 

Author bio: Hassan Ud-deen (hassassin), Content Marketing Manager, Hack The Box

Hassan Ud-deen is the Content Marketing Manager at Hack The Box. He's fascinated by cybersecurity, enjoys interviewing tech professionals, and, when the mood strikes him, occasionally tinkers within a Linux terminal in a dark room with his (HTB) hoodie on. #noob. Feel free to connect with him on LinkedIn.
