Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-48472

    A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW 3.0.0.325, BiSheng-WNM FW 2.0.0....

    • EPSS Score: 1.42%
    • Published: Jun. 16, 2023
    • Modified: Dec. 17, 2024
  • 9.8

    CRITICAL
    CVE-2022-48283

    A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.

    Affected Products : hilink_ai_life
    • EPSS Score: 0.10%
    • Published: Feb. 27, 2023
    • Modified: Mar. 11, 2025
  • 9.8

    CRITICAL
    CVE-2022-48252

    The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.

    Affected Products : pi.alert
    • EPSS Score: 1.32%
    • Published: Jan. 11, 2023
    • Modified: Apr. 08, 2025
  • 9.8

    CRITICAL
    CVE-2022-48195

    An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authenticat...

    Affected Products : sasl
    • EPSS Score: 0.33%
    • Published: Dec. 31, 2022
    • Modified: Apr. 11, 2025
  • 9.8

    CRITICAL
    CVE-2022-48337

    GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use th...

    Affected Products : debian_linux emacs
    • EPSS Score: 0.28%
    • Published: Feb. 20, 2023
    • Modified: Mar. 18, 2025
  • 9.8

    CRITICAL
    CVE-2022-48066

    An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.

    Affected Products : a830r_firmware a830r
    • EPSS Score: 0.05%
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-48121

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: 1.45%
    • Published: Jan. 20, 2023
    • Modified: Apr. 03, 2025
  • 9.8

    CRITICAL
    CVE-2022-47966

    Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make ...

    • Actively Exploited
    • EPSS Score: 94.43%
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-47986

    IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability ...

    Affected Products : linux_kernel aspera_faspex windows
    • Actively Exploited
    • EPSS Score: 94.34%
    • Published: Feb. 17, 2023
    • Modified: Feb. 13, 2025
  • 9.8

    CRITICAL
    CVE-2022-47767

    A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 50...

    • EPSS Score: 0.39%
    • Published: Jan. 26, 2023
    • Modified: Apr. 01, 2025
  • 9.8

    CRITICAL
    CVE-2022-47769

    An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.

    Affected Products : fast_checkin
    • EPSS Score: 0.26%
    • Published: Feb. 01, 2023
    • Modified: Mar. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-47757

    In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory whi...

    Affected Products : imo
    • EPSS Score: 0.15%
    • Published: May. 04, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-48113

    A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to log in as root via hardcoded credentials.

    Affected Products : n200re-v5_firmware n200re-v5
    • EPSS Score: 0.24%
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2022-47629

    Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

    Affected Products : debian_linux libksba
    • EPSS Score: 1.84%
    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025
  • 9.8

    CRITICAL
    CVE-2022-47526

    Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node...

    • EPSS Score: 2.13%
    • Published: May. 31, 2023
    • Modified: Jan. 14, 2025
  • 9.8

    CRITICAL
    CVE-2022-47697

    COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.

    Affected Products : cf-wr623n_firmware cf-wr623n
    • EPSS Score: 0.08%
    • Published: Jan. 31, 2023
    • Modified: Mar. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-48342

    In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

    Affected Products : teamcity
    • EPSS Score: 0.00%
    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-48130

    Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.

    Affected Products : w20e_firmware w20e
    • EPSS Score: 0.13%
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025
  • 9.8

    CRITICAL
    CVE-2022-47758

    Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.

    Affected Products : nanoleaf_firmware
    • EPSS Score: 0.74%
    • Published: Apr. 27, 2023
    • Modified: Jan. 31, 2025
  • 9.8

    CRITICAL
    CVE-2022-47984

    IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243...

    • EPSS Score: 0.06%
    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292319 Results