Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-2487

    A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has... Read more

    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2475

    Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to acc... Read more

    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2751

    A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/add-portfolio.php. The manipulation of the argument ufile leads to unrestricted upload.... Read more

    Affected Products : company_website_cms
    • Published: Aug. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2687

    A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exp... Read more

    • Published: Aug. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2467

    A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input [email protected]' AND (SELECT 6427 FR... Read more

    Affected Products : garage_management_system
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2329

    A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: I... Read more

    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2336

    Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Up... Read more

    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2302

    Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password.... Read more

    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2269

    The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection... Read more

    Affected Products : website_file_changes_monitor
    • Published: Aug. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5334

    Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certifica... Read more

    Affected Products : leap gnutls axc_f_2152_firmware
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-2321

    Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks.... Read more

    Affected Products : nakama
    • Published: Jul. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2242

    The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default).... Read more

    Affected Products : systemsoftware_v\/kss
    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2216

    Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.... Read more

    Affected Products : parse-url
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2107

    The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobil... Read more

    Affected Products : mv720_firmware mv720
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2141

    SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication.... Read more

    Affected Products : mv720_firmware mv720
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2098

    Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.... Read more

    Affected Products : titra
    • Published: Jun. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2131

    OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack.... Read more

    Affected Products : openkm
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2166

    Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0.... Read more

    Affected Products : mastodon
    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2037

    Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.... Read more

    Affected Products : tooljet
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2025

    an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an attacker to exe... Read more

    Affected Products : gds3710_firmware gds3710
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results