Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-44193

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44038

    Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.... Read more

    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2017-7525

    A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMa... Read more

    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43977

    An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control.... Read more

    Affected Products : ms_3000_firmware ms_3000
    • Published: Jan. 17, 2023
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-44567

    A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). ... Read more

    Affected Products : rocket.chat
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-44200

    Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-43976

    An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.... Read more

    Affected Products : ms_3000_firmware ms_3000
    • Published: Jan. 17, 2023
    • Modified: Apr. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-44049

    The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is... Read more

    Affected Products : d8s-python
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-43979

    There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could inser... Read more

    Affected Products : pandora_fms
    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44457

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 comp... Read more

    Affected Products : saml
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-43974

    MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.... Read more

    Affected Products : matrixssl
    • Published: Jan. 09, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-44001

    An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed.... Read more

    Affected Products : backclick
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44290

    webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.... Read more

    Affected Products : webtareas
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-43755

    A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions ... Read more

    Affected Products : rancher rancher
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44251

    TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-43764

    Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code. ... Read more

    Affected Products : industrial_automation_aprol
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43747

    baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in security update S-2022-01, which contains fixed bMA setup files for these versions. This also is fixed in baramu... Read more

    Affected Products : management_suite
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43775

    The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.... Read more

    Affected Products : diaenergie
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2019-10672

    treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions.... Read more

    Affected Products : libmysofa libmysofa
    • Published: Mar. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43781

    There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be una... Read more

    • Published: Nov. 17, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293284 Results