Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.8

HIGH

CVE-2022-22723

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functio...

Affected Products : easergy_p5_firmware easergy_p3_firmware easergy_p5
Published: Feb. 04, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2022-22722

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the pro...

Affected Products : easergy_p5_firmware easergy_p5
Published: Feb. 04, 2022

Modified: Nov. 21, 2024
9.1

CRITICAL

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier....

Affected Products : fedora zfs_storage_appliance_kit debian_linux macos http_server enterprise_manager_ops_center mac_os_x http_server
Published: Mar. 14, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...

Affected Products : fedora zfs_storage_appliance_kit debian_linux macos http_server enterprise_manager_ops_center mac_os_x http_server
Published: Mar. 14, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier....

Affected Products : fedora zfs_storage_appliance_kit debian_linux macos http_server mac_os_x http_server
Published: Mar. 14, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2022-22718

Windows Print Spooler Elevation of Privilege Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products
Actively Exploited

Published: Feb. 09, 2022

Modified: Nov. 21, 2024
7.0

HIGH

CVE-2022-22717

Windows Print Spooler Elevation of Privilege Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2022-22716

Microsoft Excel Information Disclosure Vulnerability...

Affected Products : office sharepoint_server 365_apps office_web_apps excel office_online_server office_long_term_servicing_channel office_web_apps_server
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2022-22715

Named Pipe File System Elevation of Privilege Vulnerability...

Affected Products : windows_10 windows_server_2019 windows_server windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 windows_11 windows +3 more products
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
5.6

MEDIUM

CVE-2022-22712

Windows Hyper-V Denial of Service Vulnerability...

Affected Products : windows_10 windows_server_2019 windows_server windows_10_1809 windows_10_21h2 windows_server_2022 windows_11_21h2 windows_11 windows windows_10_21h1 +2 more products
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
5.7

MEDIUM

CVE-2022-22711

Windows BitLocker Information Disclosure Vulnerability...

Affected Products : windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 +5 more products
Published: Jul. 12, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2022-22710

Windows Common Log File System Driver Denial of Service Vulnerability...

Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2022-22709

VP9 Video Extensions Remote Code Execution Vulnerability...

Affected Products : vp9_video_extensions
Published: Feb. 09, 2022

Modified: Nov. 21, 2024
5.9

MEDIUM

CVE-2022-22707

In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. T...

Affected Products : debian_linux lighttpd
Published: Jan. 06, 2022

Modified: Nov. 21, 2024
10.0

HIGH

CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration....

Affected Products : zabbix-agent2 alpine_linux
Published: Jan. 06, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2022-22703

In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer....

Affected Products : windows stormshield_network_security network_security
Published: Jan. 17, 2022

Modified: Nov. 21, 2024
4.3

MEDIUM

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration....

Affected Products : partkeepr
Published: Jan. 10, 2022

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files....

Affected Products : partkeepr
Published: Jan. 10, 2022

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determi...

Affected Products : identity
Published: Mar. 03, 2022

Modified: Nov. 21, 2024
7.4

HIGH

CVE-2022-22691

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers serve...

Affected Products : umbraco_cms
Published: Jan. 18, 2022

Modified: Nov. 21, 2024

Showing 20 of 294858 Results

Browse by Apps

Latest CVE Feed

8.8

7.5

9.1

9.8

7.5

7.8

7.0

5.5

7.8

5.6

5.7

5.5

7.8

5.9

10.0

5.5

4.3

6.5

5.3

7.4

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable