Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.4

MEDIUM

CVE-2022-22511

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has bee...

Affected Products : 750-8202_firmware 750-8202\/000-012_firmware 750-8202\/000-022_firmware 750-8202\/025-000_firmware 750-8202\/025-001_firmware 751-9301_firmware 752-8303\/8000-002_firmware 750-8100_firmware 750-8101_firmware 750-8101\/025-000_firmware +39 more products
Published: Mar. 09, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2022-22510

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP....

Affected Products : profinet
Published: Feb. 02, 2022

Modified: Nov. 21, 2024
9.0

HIGH

CVE-2022-22509

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration....

Affected Products : fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware fl_switch_2206-2fx_firmware fl_switch_2206-2fx_sm_firmware +120 more products
Published: Feb. 02, 2022

Modified: Nov. 21, 2024
4.3

MEDIUM

CVE-2022-22508

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type....

Affected Products : control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl control_for_plcnext_sl control_for_raspberry_pi_sl control_for_wago_touch_panels_600_sl control_runtime_system_toolkit +4 more products
Published: May. 15, 2023

Modified: Nov. 21, 2024
4.6

MEDIUM

CVE-2022-22506

IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293....

Affected Products : robotic_process_automation
Published: Feb. 12, 2024

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2022-22505

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288....

Affected Products : robotic_process_automation
Published: Aug. 01, 2022

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2022-22503

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions ...

Affected Products : robotic_process_automation robotic_process_automation_as_a_service
Published: Oct. 06, 2022

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2022-22502

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

Affected Products : robotic_process_automation robotic_process_automation_for_cloud_pak robotic_process_automation_as_a_service
Published: Jun. 24, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2022-22497

IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951....

Affected Products : aspera_faspex
Published: May. 24, 2022

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 22...

Affected Products : linux_kernel aix windows spectrum_protect_server
Published: Jun. 30, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2022-22495

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941....

Affected Products : i i
Published: May. 24, 2022

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2022-22494

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IB...

Affected Products : linux_kernel aix windows spectrum_protect_operations_center
Published: Jun. 30, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2022-22493

IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449....

Affected Products : linux_kernel websphere_automation_for_ibm_cloud_pak_for_watson_aiops
Published: Oct. 07, 2022

Modified: Nov. 21, 2024
4.9

MEDIUM

CVE-2022-22490

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342....

Affected Products : robotic_process_automation robotic_process_automation_for_cloud_pak robotic_process_automation_as_a_service windows
Published: Aug. 10, 2022

Modified: Nov. 21, 2024
9.1

CRITICAL

CVE-2022-22489

IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources....

Affected Products : linux_kernel mq windows
Published: Aug. 19, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2022-22487

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability usin...

Affected Products : linux_kernel aix windows spectrum_protect_server
Published: Jun. 30, 2022

Modified: Nov. 21, 2024
10.0

CRITICAL

CVE-2022-22486

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM ...

Affected Products : tivoli_workload_scheduler
Published: Feb. 03, 2023

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2022-22485

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit...

Affected Products : linux_kernel aix windows spectrum_protect_operations_center spectrum_protect_server
Published: Jun. 17, 2022

Modified: Nov. 21, 2024
5.5

MEDIUM

CVE-2022-22484

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser ...

Affected Products : linux_kernel aix windows spectrum_protect spectrum_protect_operations_center
Published: May. 17, 2022

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225...

Affected Products : linux_kernel aix hp-ux db2 solaris windows
Published: Sep. 13, 2022

Modified: Nov. 21, 2024

Showing 20 of 294853 Results

Browse by Apps

Latest CVE Feed

5.4

7.5

9.0

4.3

4.6

7.5

6.1

5.4

7.5

6.5

8.8

5.3

8.8

4.9

9.1

9.8

10.0

9.8

5.5

6.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable