Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-35249

    A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-35099

    SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc.... Read more

    Affected Products : swftools
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-35098

    SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc.... Read more

    Affected Products : swftools
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.9

    MEDIUM
    CVE-2022-33683

    Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS conn... Read more

    Affected Products : pulsar
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.8

    HIGH
    CVE-2022-32820

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to execute... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-32818

    The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state.... Read more

    Affected Products : macos
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2022-32228

    An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary M... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-32227

    A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in the product.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2022-32226

    An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead ... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2022-32218

    An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.3

    MEDIUM
    CVE-2022-32217

    A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 3.7

    LOW
    CVE-2022-31679

    Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP reque... Read more

    Affected Products : spring_data_rest
    • Published: Sep. 21, 2022
    • Modified: May. 22, 2025

  • 9.0

    CRITICAL
    CVE-2022-30577

    The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack usi... Read more

    Affected Products : ebx
    • Published: Sep. 21, 2022
    • Modified: May. 22, 2025

  • 6.8

    MEDIUM
    CVE-2022-30124

    An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code).... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-2413

    The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even ... Read more

    Affected Products : slide_anything
    • Published: Jan. 16, 2024
    • Modified: May. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-28886

    A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine... Read more

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.8

    HIGH
    CVE-2022-27492

    An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.... Read more

    Affected Products : whatsapp
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 8.8

    HIGH
    CVE-2022-26700

    A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 7.5

    HIGH
    CVE-2022-23952

    In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.... Read more

    Affected Products : keylime
    • Published: Sep. 21, 2022
    • Modified: May. 22, 2025

  • 9.1

    CRITICAL
    CVE-2022-23144

    There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.... Read more

    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025
Showing 20 of 292774 Results