Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.5

MEDIUM

CVE-2022-22518

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy....

Affected Products : control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl control_for_raspberry_pi_sl control_for_wago_touch_panels_600_sl control_runtime_system_toolkit control_for_beckhoff_cx9020
Published: Apr. 07, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2022-22517

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed....

Affected Products : gateway development_system edge_gateway hmi_sl plchandler control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl +16 more products
Published: Apr. 07, 2022

Modified: Nov. 21, 2024
7.8

HIGH

CVE-2022-22516

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space....

Affected Products : windows development_system control_rte_sl control_rte_sl_\(for_beckhoff_cx\) control_win_sl development_system_v3 control_rte_\(for_beckhoff_cx\)_sl control_rte_\(sl\) control_win_\(sl\)
Published: Apr. 07, 2022

Modified: Nov. 21, 2024
8.1

HIGH

CVE-2022-22515

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products....

Affected Products : development_system hmi_sl control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl control_for_plcnext_sl control_for_raspberry_pi_sl +13 more products
Published: Apr. 07, 2022

Modified: Nov. 21, 2024
7.1

HIGH

CVE-2022-22514

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor ...

Affected Products : gateway development_system edge_gateway hmi_sl control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl +15 more products
Published: Apr. 07, 2022

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2022-22513

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash....

Affected Products : gateway development_system edge_gateway hmi_sl control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl +15 more products
Published: Apr. 07, 2022

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2022-22512

Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network....

Affected Products : element_backup_firmware element_s1_firmware element_s2_firmware element_s3_firmware element_s4_firmware one_l_firmware one_xl_firmware pulse_firmware element_backup element_s1 +6 more products
Published: Mar. 23, 2023

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2022-22511

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has bee...

Affected Products : 750-8202_firmware 750-8202\/000-012_firmware 750-8202\/000-022_firmware 750-8202\/025-000_firmware 750-8202\/025-001_firmware 751-9301_firmware 752-8303\/8000-002_firmware 750-8100_firmware 750-8101_firmware 750-8101\/025-000_firmware +39 more products
Published: Mar. 09, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2022-22510

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP....

Affected Products : profinet
Published: Feb. 02, 2022

Modified: Nov. 21, 2024
9.0

HIGH

CVE-2022-22509

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration....

Affected Products : fl_switch_2005_firmware fl_switch_2008_firmware fl_switch_2008f_firmware fl_switch_2016_firmware fl_switch_2105_firmware fl_switch_2108_firmware fl_switch_2116_firmware fl_switch_2204-2tc-2sfx_firmware fl_switch_2206-2fx_firmware fl_switch_2206-2fx_sm_firmware +120 more products
Published: Feb. 02, 2022

Modified: Nov. 21, 2024
4.3

MEDIUM

CVE-2022-22508

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type....

Affected Products : control_for_beaglebone_sl control_for_empc-a\/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl control_for_pfc200_sl control_for_plcnext_sl control_for_raspberry_pi_sl control_for_wago_touch_panels_600_sl control_runtime_system_toolkit +4 more products
Published: May. 15, 2023

Modified: Nov. 21, 2024
4.6

MEDIUM

CVE-2022-22506

IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293....

Affected Products : robotic_process_automation
Published: Feb. 12, 2024

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2022-22505

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288....

Affected Products : robotic_process_automation
Published: Aug. 01, 2022

Modified: Nov. 21, 2024
6.1

MEDIUM

CVE-2022-22503

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions ...

Affected Products : robotic_process_automation robotic_process_automation_as_a_service
Published: Oct. 06, 2022

Modified: Nov. 21, 2024
5.4

MEDIUM

CVE-2022-22502

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

Affected Products : robotic_process_automation robotic_process_automation_for_cloud_pak robotic_process_automation_as_a_service
Published: Jun. 24, 2022

Modified: Nov. 21, 2024
7.5

HIGH

CVE-2022-22497

IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951....

Affected Products : aspera_faspex
Published: May. 24, 2022

Modified: Nov. 21, 2024
6.5

MEDIUM

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 22...

Affected Products : linux_kernel aix windows spectrum_protect_server
Published: Jun. 30, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2022-22495

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941....

Affected Products : i i
Published: May. 24, 2022

Modified: Nov. 21, 2024
5.3

MEDIUM

CVE-2022-22494

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IB...

Affected Products : linux_kernel aix windows spectrum_protect_operations_center
Published: Jun. 30, 2022

Modified: Nov. 21, 2024
8.8

HIGH

CVE-2022-22493

IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449....

Affected Products : linux_kernel websphere_automation_for_ibm_cloud_pak_for_watson_aiops
Published: Oct. 07, 2022

Modified: Nov. 21, 2024

Showing 20 of 294860 Results

Browse by Apps

Latest CVE Feed

6.5

7.5

7.8

8.1

7.1

6.5

9.8

5.4

7.5

9.0

4.3

4.6

7.5

6.1

5.4

7.5

6.5

8.8

5.3

8.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable