Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-32227

    A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in the product.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2022-32226

    An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead ... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2022-32218

    An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.3

    MEDIUM
    CVE-2022-32217

    A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 3.7

    LOW
    CVE-2022-31679

    Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP reque... Read more

    Affected Products : spring_data_rest
    • Published: Sep. 21, 2022
    • Modified: May. 22, 2025

  • 9.0

    CRITICAL
    CVE-2022-30577

    The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack usi... Read more

    Affected Products : ebx
    • Published: Sep. 21, 2022
    • Modified: May. 22, 2025

  • 6.8

    MEDIUM
    CVE-2022-30124

    An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code).... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-2413

    The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even ... Read more

    Affected Products : slide_anything
    • Published: Jan. 16, 2024
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-28886

    A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine... Read more

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.8

    HIGH
    CVE-2022-27492

    An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.... Read more

    Affected Products : whatsapp
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 8.8

    HIGH
    CVE-2022-26700

    A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2022-23952

    In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.... Read more

    Affected Products : keylime
    • Published: Sep. 21, 2022
    • Modified: May. 22, 2025

  • 9.1

    CRITICAL
    CVE-2022-23144

    There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.... Read more

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 8.8

    HIGH
    CVE-2022-22624

    A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.... Read more

    Affected Products : macos iphone_os tvos safari ipad_os ipados
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 8.8

    HIGH
    CVE-2022-22610

    A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.... Read more

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-20019

    In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP... Read more

    Affected Products : android mt6779 mt6781 mt6785 mt6833 mt6853 mt6853t mt6873 mt6875 mt6877 +30 more products
    • Published: Jan. 04, 2022
    • Modified: May. 22, 2025

  • 6.7

    MEDIUM
    CVE-2022-20014

    In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05857308; Issue... Read more

    Affected Products : android mt6781 mt6785 mt6833 mt6853 mt6853t mt6873 mt6877 mt6883 mt6885 +8 more products
    • Published: Jan. 04, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2021-45116

    An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or... Read more

    Affected Products : fedora django
    • Published: Jan. 05, 2022
    • Modified: May. 22, 2025

  • 6.6

    MEDIUM
    CVE-2021-3782

    An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large... Read more

    Affected Products : wayland
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 9.8

    CRITICAL
    CVE-2021-39990

    The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience.... Read more

    Affected Products : harmonyos
    • Published: Jan. 03, 2022
    • Modified: May. 22, 2025
Showing 20 of 292767 Results