Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-44456

    CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.... Read more

    Affected Products : conprosys_hmi_system
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025

  • 9.8

    CRITICAL
    CVE-2022-44581

    Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2.... Read more

    • Published: May. 17, 2024
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-44544

    Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.... Read more

    Affected Products : ubuntu_linux mahara
    • Published: Nov. 06, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-44117

    Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL.... Read more

    Affected Products : boa
    • Published: Nov. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44193

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44038

    Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.... Read more

    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2017-7525

    A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMa... Read more

    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43977

    An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control.... Read more

    Affected Products : ms_3000_firmware ms_3000
    • Published: Jan. 17, 2023
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2022-44567

    A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). ... Read more

    Affected Products : rocket.chat
    • Published: Dec. 23, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-44200

    Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.... Read more

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-43976

    An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.... Read more

    Affected Products : ms_3000_firmware ms_3000
    • Published: Jan. 17, 2023
    • Modified: Apr. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-44049

    The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is... Read more

    Affected Products : d8s-python
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-43979

    There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could inser... Read more

    Affected Products : pandora_fms
    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44457

    A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 comp... Read more

    Affected Products : saml
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-43974

    MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0.... Read more

    Affected Products : matrixssl
    • Published: Jan. 09, 2023
    • Modified: Mar. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-44001

    An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed.... Read more

    Affected Products : backclick
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44290

    webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.... Read more

    Affected Products : webtareas
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-43755

    A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions ... Read more

    Affected Products : rancher rancher
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44251

    TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.... Read more

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-43764

    Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code. ... Read more

    Affected Products : industrial_automation_aprol
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293329 Results