Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2022-22932

    Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision:... Read more

    Affected Products : karaf
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-22931

    Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed... Read more

    Affected Products : james
    • Published: Feb. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22930

    A remote code execution (RCE) vulnerability in the Template Management function of MCMS v5.2.4 allows attackers to execute arbitrary code via a crafted payload.... Read more

    Affected Products : mcms
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22929

    MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.... Read more

    Affected Products : mcms
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22928

    MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing attackers to exploit the key and execute arbitrary code.... Read more

    Affected Products : mcms
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22922

    TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.... Read more

    Affected Products : tl-wa850re_firmware tl-wa850re
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-22919

    Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs.... Read more

    Affected Products : axiomsl_controllerview
    • Published: Jan. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22916

    O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.... Read more

    Affected Products : o2oa
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-22914

    An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal.... Read more

    Affected Products : ovidentia
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22912

    Prototype pollution vulnerability via .parse() in Plist before v3.0.4 allows attackers to cause a Denial of Service (DoS) and may lead to remote code execution.... Read more

    Affected Products : plist
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-22909

    HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.... Read more

    Affected Products : hoteldruid
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22908

    SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields.... Read more

    Affected Products : vdi_client
    • Published: Feb. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22901

    There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.... Read more

    Affected Products : jerryscript
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22899

    Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.... Read more

    Affected Products : core_ftp
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22897

    A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.... Read more

    Affected Products : ap_pagebuilder
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-22895

    Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.... Read more

    Affected Products : jerryscript
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-22894

    Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c.... Read more

    Affected Products : jerryscript
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-22893

    Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c.... Read more

    Affected Products : jerryscript
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22892

    There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_i... Read more

    Affected Products : jerryscript
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22891

    Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c.... Read more

    Affected Products : jerryscript
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results