Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-21126

    The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory befor... Read more

    Affected Products : htsjdk
    • Published: Nov. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-21124

    Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This v... Read more

    Affected Products : cx-programmer
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21122

    The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor.... Read more

    Affected Products : metacalc
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20969

    A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitiz... Read more

    Affected Products : umbrella
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20968

    A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insuffici... Read more

    • Published: Dec. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20967

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vu... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20966

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vu... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20965

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access con... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20964

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of u... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20963

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20962

    A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient i... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20961

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. Thi... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-20960

    A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of cert... Read more

    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-20959

    A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.... Read more

    Affected Products : identity_services_engine
    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20958

    A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to i... Read more

    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20956

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-20955

    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more informat... Read more

    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-20954

    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more informat... Read more

    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-20953

    Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more informat... Read more

    • Published: Oct. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-20952

    A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic o... Read more

    Affected Products : asyncos s195 s395 s695
    • Published: Mar. 01, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294795 Results