Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-21954

    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-21953

    A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6... Read more

    Affected Products : rancher rancher
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21952

    A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4... Read more

    Affected Products : manager_server
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-21951

    A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE te... Read more

    Affected Products : rancher rancher
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-21950

    A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions pri... Read more

    • Published: Sep. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2022-21949

    A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escal... Read more

    Affected Products : open_build_service
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-21948

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e9684... Read more

    Affected Products : paste
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-21947

    A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.... Read more

    Affected Products : rancher rancher_desktop
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-21946

    A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen see... Read more

    Affected Products : factory openldap2 cscreen
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-21945

    A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.... Read more

    Affected Products : factory openldap2 cscreen
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-21944

    A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior... Read more

    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-21941

    All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.... Read more

    Affected Products : istar_ultra_firmware istar_ultra
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21940

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.... Read more

    Affected Products : metasys_system_configuration_tool
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21939

    Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.... Read more

    Affected Products : metasys_system_configuration_tool
    • Published: Feb. 09, 2023
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-21938

    Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.... Read more

    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2022-21937

    Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface.... Read more

    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-21936

    On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI.... Read more

    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21935

    A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.... Read more

    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-21934

    Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2.... Read more

    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-21933

    ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting ... Read more

    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294858 Results