Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-46366

    Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apa... Read more

    Affected Products : tapestry
    • EPSS Score: %3.76
    • Published: Dec. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46326

    Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.12
    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025

  • 9.8

    CRITICAL
    CVE-2017-5005

    Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsi... Read more

    • EPSS Score: %31.50
    • Published: Jan. 02, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-46387

    ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.... Read more

    Affected Products : conemu cmder
    • EPSS Score: %0.12
    • Published: Mar. 28, 2023
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-46291

    Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An at... Read more

    Affected Products : open_babel
    • EPSS Score: %0.13
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46169

    Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a s... Read more

    Affected Products : cacti
    • Actively Exploited
    • EPSS Score: %94.47
    • Published: Dec. 05, 2022
    • Modified: Feb. 18, 2025

  • 9.8

    CRITICAL
    CVE-2022-46162

    discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin ... Read more

    Affected Products : discourse_bbcode
    • EPSS Score: %0.47
    • Published: Nov. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46080

    Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.... Read more

    • EPSS Score: %16.56
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46280

    A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file t... Read more

    Affected Products : open_babel
    • EPSS Score: %0.34
    • Published: Jul. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-8855

    Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware upda... Read more

    • EPSS Score: %0.16
    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45982

    thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.... Read more

    Affected Products : thinkphp
    • EPSS Score: %0.97
    • Published: Feb. 08, 2023
    • Modified: Mar. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-45908

    In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.... Read more

    Affected Products : paddlepaddle
    • EPSS Score: %0.14
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-45875

    Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack c... Read more

    Affected Products : dolphinscheduler
    • EPSS Score: %3.08
    • Published: Jan. 04, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-45810

    Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation f... Read more

    Affected Products : icegram_express
    • EPSS Score: %0.69
    • Published: Nov. 07, 2023
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-46170

    CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if ... Read more

    Affected Products : codeigniter
    • EPSS Score: %0.22
    • Published: Dec. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45789

    A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versio... Read more

    • EPSS Score: %0.06
    • Published: Jan. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45788

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected... Read more

    • EPSS Score: %0.29
    • Published: Jan. 30, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-46383

    RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within... Read more

    Affected Products : digital_rebar
    • EPSS Score: %0.28
    • Published: Dec. 06, 2022
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2022-46071

    There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.... Read more

    Affected Products : helmet_store_showroom_site
    • EPSS Score: %71.58
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-46319

    Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.10
    • Published: Dec. 20, 2022
    • Modified: Apr. 16, 2025
Showing 20 of 292628 Results