Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.8

HIGH

CVE-2022-22718

Windows Print Spooler Elevation of Privilege Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products
Actively Exploited

Published: Feb. 09, 2022

Modified: Nov. 21, 2024
7.0

HIGH

CVE-2022-22717

Windows Print Spooler Elevation of Privilege Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2022-22716

Microsoft Excel Information Disclosure Vulnerability...

Affected Products : office sharepoint_server 365_apps office_web_apps excel office_online_server office_long_term_servicing_channel office_web_apps_server
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2022-22715

Named Pipe File System Elevation of Privilege Vulnerability...

Affected Products : windows_10 windows_server_2019 windows_server windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 windows_11 windows +3 more products
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
5.6

MEDIUM

CVE-2022-22712

Windows Hyper-V Denial of Service Vulnerability...

Affected Products : windows_10 windows_server_2019 windows_server windows_10_1809 windows_10_21h2 windows_server_2022 windows_11_21h2 windows_11 windows windows_10_21h1 +2 more products
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
5.7

MEDIUM

CVE-2022-22711

Windows BitLocker Information Disclosure Vulnerability...

Affected Products : windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 +5 more products
Published: Jul. 12, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2022-22710

Windows Common Log File System Driver Denial of Service Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2022-22709

VP9 Video Extensions Remote Code Execution Vulnerability...

Affected Products : vp9_video_extensions
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
5.9

MEDIUM

CVE-2022-22707

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. T...

Affected Products : debian_linux lighttpd
Published: Jan. 06, 2022

Modified: Nov. 21, 2024
10.0

HIGH

CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration....

Affected Products : zabbix-agent2 alpine_linux
Published: Jan. 06, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2022-22703

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer....

Affected Products : windows stormshield_network_security network_security
Published: Jan. 17, 2022

Modified: Nov. 21, 2024
4.3

MEDIUM

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration....

Affected Products : partkeepr
Published: Jan. 10, 2022

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files....

Affected Products : partkeepr
Published: Jan. 10, 2022

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determi...

Affected Products : identity
Published: Mar. 03, 2022

Modified: Nov. 21, 2024
7.4

HIGH

CVE-2022-22691

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers serve...

Affected Products : umbraco_cms
Published: Jan. 18, 2022

Modified: Nov. 21, 2024
8.6

HIGH

CVE-2022-22690

Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application b...

Affected Products : umbraco_cms
Published: Jan. 18, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2022-22689

CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or comman...

Affected Products : ca_harvest_software_change_manager
Published: Feb. 04, 2022

Modified: Nov. 21, 2024
8.0

HIGH

CVE-2022-22686

Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors....

Affected Products : calendar
Published: Jul. 26, 2022

Modified: Nov. 21, 2024
8.7

HIGH

CVE-2022-22685

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors....

Affected Products : webdav_server
Published: Jul. 28, 2022

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2022-22682

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

Affected Products : calendar
Published: Jul. 12, 2022

Modified: Nov. 21, 2024

Showing 20 of 294853 Results

Browse by Apps

Latest CVE Feed

7.8

7.0

5.5

7.8

5.6

5.7

5.5

7.8

5.9

10.0

5.5

4.3

6.5

5.3

7.4

8.6

8.8

8.0

8.7

6.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable