Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-47986

    IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability ... Read more

    Affected Products : linux_kernel aspera_faspex windows
    • Actively Exploited
    • EPSS Score: %94.34
    • Published: Feb. 17, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-47767

    A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 50... Read more

    • EPSS Score: %0.39
    • Published: Jan. 26, 2023
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-47769

    An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.... Read more

    Affected Products : fast_checkin
    • EPSS Score: %0.26
    • Published: Feb. 01, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-47757

    In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory whi... Read more

    Affected Products : imo
    • EPSS Score: %0.15
    • Published: May. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48113

    A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.... Read more

    Affected Products : n200re-v5_firmware n200re-v5
    • EPSS Score: %0.24
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2022-47629

    Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.... Read more

    Affected Products : debian_linux libksba
    • EPSS Score: %1.84
    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-47526

    Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node... Read more

    • EPSS Score: %2.13
    • Published: May. 31, 2023
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-47697

    COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.... Read more

    Affected Products : cf-wr623n_firmware cf-wr623n
    • EPSS Score: %0.08
    • Published: Jan. 31, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-48342

    In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.... Read more

    Affected Products : teamcity
    • EPSS Score: %0.00
    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48130

    Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.... Read more

    Affected Products : w20e_firmware w20e
    • EPSS Score: %0.13
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2022-47758

    Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.... Read more

    Affected Products : nanoleaf_firmware
    • EPSS Score: %0.74
    • Published: Apr. 27, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2022-47984

    IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243... Read more

    • EPSS Score: %0.06
    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47406

    An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.... Read more

    • EPSS Score: %0.17
    • Published: Dec. 14, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-47714

    Last Yard 22.09.8-1 does not enforce HSTS headers... Read more

    Affected Products : last_yard
    • EPSS Score: %0.05
    • Published: Feb. 01, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-47122

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet.... Read more

    Affected Products : a15_firmware a15
    • EPSS Score: %0.12
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-47002

    A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.... Read more

    Affected Products : masacms
    • EPSS Score: %63.01
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46860

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4. ... Read more

    Affected Products : short_url
    • EPSS Score: %0.21
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47036

    Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware;... Read more

    Affected Products :
    • Published: Mar. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46764

    A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.... Read more

    Affected Products : windows server
    • EPSS Score: %10.70
    • Published: Dec. 27, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-46803

    Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin.This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5. ... Read more

    Affected Products : noptin
    • EPSS Score: %0.69
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292518 Results