Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-26285

    Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.... Read more

    Affected Products : simple_client_management_system
    • EPSS Score: %3.04
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-22653

    In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, ... Read more

    • EPSS Score: %0.10
    • Published: Jan. 20, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-26207

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerabilit... Read more

    • EPSS Score: %17.83
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26342

    A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger t... Read more

    • EPSS Score: %0.44
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26211

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerabilit... Read more

    • EPSS Score: %17.83
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26134

    In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 b... Read more

    • Actively Exploited
    • EPSS Score: %94.43
    • Published: Jun. 03, 2022
    • Modified: Feb. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-26209

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerabilit... Read more

    • EPSS Score: %17.83
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26131

    Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals.... Read more

    Affected Products : plc4trucks_firmware plc4trucks
    • EPSS Score: %0.24
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26148

    An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and... Read more

    Affected Products : grafana ceph_storage storage
    • EPSS Score: %85.84
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26094

    Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.... Read more

    Affected Products : android dex
    • EPSS Score: %0.38
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26138

    The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowled... Read more

    • Actively Exploited
    • EPSS Score: %94.26
    • Published: Jul. 20, 2022
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2022-26082

    A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence o... Read more

    • EPSS Score: %2.70
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26188

    TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.... Read more

    Affected Products : n600r_firmware n600r
    • EPSS Score: %14.90
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25894

    All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.... Read more

    Affected Products : uflo
    • EPSS Score: %6.84
    • Published: Jan. 26, 2023
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-25921

    All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.... Read more

    Affected Products : morgan-json
    • EPSS Score: %1.00
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25912

    The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://secu... Read more

    Affected Products : simple-git
    • EPSS Score: %41.27
    • Published: Dec. 06, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-25842

    All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can ... Read more

    Affected Products : one-java-agent
    • EPSS Score: %2.71
    • Published: May. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25987

    Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privile... Read more

    • EPSS Score: %0.60
    • Published: Feb. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26097

    Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.... Read more

    Affected Products : android dex
    • EPSS Score: %0.30
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-25708

    Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile... Read more

    • EPSS Score: %0.25
    • Published: Sep. 16, 2022
    • Modified: Jun. 04, 2025
Showing 20 of 292495 Results