Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2022-41248

    Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.... Read more

    Affected Products : bigpanda_notifier
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2022-41247

    Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.... Read more

    Affected Products : bigpanda_notifier
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-41246

    A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ... Read more

    Affected Products : worksoft_execution_manager
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2022-40754

    In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.... Read more

    Affected Products : airflow
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 7.5

    HIGH
    CVE-2022-40604

    In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.... Read more

    Affected Products : airflow
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2022-39975

    The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "C... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-38928

    XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.... Read more

    Affected Products : xpdf
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-37877

    A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance ... Read more

    Affected Products : macos clearpass_policy_manager
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-37246

    Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.... Read more

    Affected Products : craft_cms
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-37026

    In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.... Read more

    Affected Products : erlang\/otp
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 5.5

    MEDIUM
    CVE-2022-35085

    SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.... Read more

    Affected Products : swftools
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-32882

    This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 5.3

    MEDIUM
    CVE-2022-32861

    A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.... Read more

    Affected Products : macos safari
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2022-32211

    A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-28978

    Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service... Read more

    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-28637

    A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard... Read more

    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2022-23685

    A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input aga... Read more

    Affected Products : clearpass_policy_manager
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 4.8

    MEDIUM
    CVE-2024-46333

    An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function.... Read more

    Affected Products : piwigo
    • Published: Sep. 27, 2024
    • Modified: May. 27, 2025

  • 7.6

    HIGH
    CVE-2024-46510

    ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface... Read more

    Affected Products : cdg
    • Published: Sep. 30, 2024
    • Modified: May. 27, 2025

  • 6.3

    MEDIUM
    CVE-2024-46485

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate... Read more

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Sep. 25, 2024
    • Modified: May. 27, 2025
Showing 20 of 292916 Results