Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2023-28465

    The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen ... Read more

    Affected Products : hl7_fhir_core
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-41320

    Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a net... Read more

    Affected Products : system_recovery
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2022-41319

    A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).... Read more

    Affected Products : desktop_and_laptop_option
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-40869

    Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-40865

    Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/... Read more

    Affected Products : ac18_firmware ac15_firmware ac18 ac15
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-40716

    HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and ... Read more

    Affected Products : consul
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 7.5

    HIGH
    CVE-2022-40188

    Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.... Read more

    Affected Products : fedora debian_linux knot_resolver
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-40089

    A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On.... Read more

    Affected Products : simple_college_website
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 6.1

    MEDIUM
    CVE-2022-40088

    Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted paylo... Read more

    Affected Products : simple_college_website
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-40087

    Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : simple_college_website
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 7.5

    HIGH
    CVE-2022-38936

    An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137.... Read more

    Affected Products : pbc
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-37235

    Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat... Read more

    Affected Products : r7000_firmware r7000
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-37234

    Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy.... Read more

    Affected Products : r7000_firmware r7000
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-36944

    Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase c... Read more

    Affected Products : fedora scala scala-collection-compat
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 6.5

    MEDIUM
    CVE-2022-35024

    OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.... Read more

    Affected Products : otfcc
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 7.5

    HIGH
    CVE-2022-34026

    ICEcoder v8.1 allows attackers to execute a directory traversal.... Read more

    Affected Products : icecoder
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 5.9

    MEDIUM
    CVE-2022-33682

    TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication conn... Read more

    Affected Products : pulsar
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 5.5

    MEDIUM
    CVE-2022-32849

    An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive... Read more

    Affected Products : macos mac_os_x iphone_os tvos ipados
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-32814

    A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-31937

    Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd.... Read more

    Affected Products : wnr2000v4_firmware wnr2000v4
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025
Showing 20 of 293354 Results