Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-45637

    An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism.... Read more

    Affected Products : bofei_dbd\+
    • Published: Mar. 21, 2023
    • Modified: Feb. 26, 2025

  • 9.8

    CRITICAL
    CVE-2022-45479

    PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H... Read more

    Affected Products : pc_keyboard_wifi\&bluetooth
    • Published: Dec. 05, 2022
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2022-45553

    An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port.... Read more

    Affected Products : we1626_firmware we1626
    • Published: Mar. 03, 2023
    • Modified: Mar. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-45481

    The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H... Read more

    Affected Products : lazy_mouse lazy_mouse
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-45806

    Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4.... Read more

    • Published: Dec. 13, 2024
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-45400

    Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : japex
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-45396

    Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : sourcemonitor
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-45377

    Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. ... Read more

    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45370

    Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. ... Read more

    • Published: Nov. 07, 2023
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-45719

    IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function.... Read more

    Affected Products : m50_firmware m50
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-45140

    The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.... Read more

    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45135

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.... Read more

    Affected Products : cocoon
    • Published: Nov. 30, 2023
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-45063

    xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of som... Read more

    Affected Products : fedora xterm
    • Published: Nov. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45047

    Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA... Read more

    Affected Products : sshd mina_sshd
    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-45141

    Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the ... Read more

    Affected Products : samba
    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-45174

    An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is n... Read more

    Affected Products : vdesk
    • Published: Apr. 14, 2023
    • Modified: Feb. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-44806

    D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.... Read more

    Affected Products : dir-882_firmware dir-882
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44877

    login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.... Read more

    Affected Products : webpanel
    • Actively Exploited
    • Published: Jan. 05, 2023
    • Modified: Mar. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-44797

    btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.... Read more

    Affected Products : btcd lightning_network_daemon
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44785

    An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter.... Read more

    Affected Products : appalti_\&_contratti
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 292862 Results