Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-3435

    A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate t... Read more

    Affected Products : linux_kernel fedora debian_linux
    • Published: Oct. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-3053

    Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.... Read more

    Affected Products : fedora chrome macos edge_chromium
    • Published: Sep. 26, 2022
    • Modified: May. 21, 2025

  • 4.3

    MEDIUM
    CVE-2022-3126

    The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf... Read more

    Affected Products : frontend_file_manager_plugin
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 4.3

    MEDIUM
    CVE-2022-23113

    Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenk... Read more

    Affected Products : publish_over_ssh
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-29974

    AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 12, 2024

  • 4.3

    MEDIUM
    CVE-2022-34561

    A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter.... Read more

    Affected Products : phpfox
    • Published: Apr. 22, 2024
    • Modified: Apr. 22, 2025

  • 4.3

    MEDIUM
    CVE-2022-37981

    Windows Event Logging Service Denial of Service Vulnerability... Read more

    • Published: Oct. 11, 2022
    • Modified: Jan. 02, 2025

  • 4.3

    MEDIUM
    CVE-2022-29950

    Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this bec... Read more

    Affected Products : hunter
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-29905

    The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.... Read more

    Affected Products : mediawiki
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-3447

    Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : android chrome edge_chromium
    • Published: Nov. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-27909

    In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files... Read more

    Affected Products : jdownloads
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34208

    A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.... Read more

    Affected Products : beaker_builder
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-29915

    The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100.... Read more

    Affected Products : firefox
    • Published: Dec. 22, 2022
    • Modified: Apr. 15, 2025

  • 4.3

    MEDIUM
    CVE-2022-27174

    Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page... Read more

    Affected Products : easy_blog
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-28718

    Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.... Read more

    Affected Products : garoon
    • Published: Jul. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-27622

    Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.... Read more

    • Published: Oct. 25, 2022
    • Modified: Jan. 14, 2025

  • 4.3

    MEDIUM
    CVE-2022-27841

    Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication... Read more

    Affected Products : samsung_pass pass
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-29836

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain paramete... Read more

    • Published: Nov. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-30724

    Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.... Read more

    Affected Products : android dex
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-53243

    In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see ale... Read more

    Affected Products : splunk splunk_secure_gateway
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024
Showing 20 of 294737 Results