Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-48195

    An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authenticat... Read more

    Affected Products : sasl
    • Published: Dec. 31, 2022
    • Modified: Apr. 11, 2025

  • 9.8

    CRITICAL
    CVE-2022-48337

    GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use th... Read more

    Affected Products : debian_linux emacs
    • Published: Feb. 20, 2023
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2022-48066

    An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.... Read more

    Affected Products : a830r_firmware a830r
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-48121

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • Published: Jan. 20, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-47966

    Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make ... Read more

    • Actively Exploited
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47986

    IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability ... Read more

    Affected Products : linux_kernel aspera_faspex windows
    • Actively Exploited
    • Published: Feb. 17, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-47767

    A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 50... Read more

    • Published: Jan. 26, 2023
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-47769

    An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.... Read more

    Affected Products : fast_checkin
    • Published: Feb. 01, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-47757

    In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory whi... Read more

    Affected Products : imo
    • Published: May. 04, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48113

    A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.... Read more

    Affected Products : n200re-v5_firmware n200re-v5
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2022-47629

    Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.... Read more

    Affected Products : debian_linux libksba
    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2022-47526

    Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node... Read more

    • Published: May. 31, 2023
    • Modified: Jan. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-47697

    COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.... Read more

    Affected Products : cf-wr623n_firmware cf-wr623n
    • Published: Jan. 31, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-48342

    In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.... Read more

    Affected Products : teamcity
    • Published: Feb. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-48130

    Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.... Read more

    Affected Products : w20e_firmware w20e
    • Published: Feb. 02, 2023
    • Modified: Mar. 26, 2025

  • 9.8

    CRITICAL
    CVE-2022-47758

    Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.... Read more

    Affected Products : nanoleaf_firmware
    • Published: Apr. 27, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2022-47984

    IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243... Read more

    • Published: May. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-47406

    An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.... Read more

    • Published: Dec. 14, 2022
    • Modified: Apr. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-47714

    Last Yard 22.09.8-1 does not enforce HSTS headers... Read more

    Affected Products : last_yard
    • Published: Feb. 01, 2023
    • Modified: Mar. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-47122

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet.... Read more

    Affected Products : a15_firmware a15
    • Published: Dec. 30, 2022
    • Modified: Apr. 11, 2025
Showing 20 of 292768 Results