Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2022-21145

    A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigge... Read more

    Affected Products : lansweeper
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21144

    This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 wil... Read more

    Affected Products : libxmljs
    • Published: May. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-21143

    MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary co... Read more

    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21142

    Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a r... Read more

    Affected Products : a-blog_cms
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-21141

    MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these f... Read more

    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-21137

    Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : cx-one
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 8.3

    HIGH
    CVE-2022-21134

    A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger th... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-21132

    Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside... Read more

    Affected Products : pfsense-pkg-wireguard
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-21126

    The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory befor... Read more

    Affected Products : htsjdk
    • Published: Nov. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-21124

    Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This v... Read more

    Affected Products : cx-programmer
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21122

    The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor.... Read more

    Affected Products : metacalc
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20969

    A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitiz... Read more

    Affected Products : umbrella
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20968

    A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insuffici... Read more

    • Published: Dec. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20967

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vu... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20966

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vu... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20965

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access con... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20964

    A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of u... Read more

    Affected Products : identity_services_engine
    • Published: Jan. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-20963

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected ... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20962

    A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient i... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-20961

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. Thi... Read more

    Affected Products : identity_services_engine
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results