Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-40817

    Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issu... Read more

    Affected Products : zammad
    • EPSS Score: %0.14
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-40816

    Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connecti... Read more

    Affected Products : zammad
    • EPSS Score: %0.17
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-40497

    Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.... Read more

    Affected Products : wazuh
    • EPSS Score: %2.13
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-40486

    TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.... Read more

    • EPSS Score: %1.72
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40475

    TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.... Read more

    Affected Products : a860r_firmware a860r
    • EPSS Score: %1.40
    • Published: Sep. 29, 2022
    • Modified: May. 21, 2025

  • 7.2

    HIGH
    CVE-2022-40354

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php.... Read more

    • EPSS Score: %0.09
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 7.8

    HIGH
    CVE-2022-40126

    A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.... Read more

    Affected Products : clash
    • EPSS Score: %0.08
    • Published: Sep. 29, 2022
    • Modified: May. 21, 2025

  • 9.6

    CRITICAL
    CVE-2022-40083

    Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).... Read more

    Affected Products : echo
    • EPSS Score: %71.35
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 7.5

    HIGH
    CVE-2022-40082

    Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function.... Read more

    Affected Products : windows hertz
    • EPSS Score: %0.14
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 7.5

    HIGH
    CVE-2022-3323

    An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in t... Read more

    Affected Products : iview
    • EPSS Score: %0.09
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 3.3

    LOW
    CVE-2022-38934

    readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file.... Read more

    Affected Products : toaruos
    • EPSS Score: %0.03
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 8.4

    HIGH
    CVE-2022-38932

    readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file.... Read more

    Affected Products : toaruos
    • EPSS Score: %0.04
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-38335

    Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules.... Read more

    Affected Products : vtiger_crm
    • EPSS Score: %0.49
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-36771

    IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791.... Read more

    Affected Products : qradar_user_behavior_analytics
    • EPSS Score: %0.06
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 8.2

    HIGH
    CVE-2022-36448

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.06
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 7.8

    HIGH
    CVE-2022-32168

    Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.... Read more

    Affected Products : notepad\+\+
    • EPSS Score: %0.05
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2022-32166

    In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modifi... Read more

    Affected Products : debian_linux open_vswitch
    • EPSS Score: %0.64
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 4.3

    MEDIUM
    CVE-2022-2760

    In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space.... Read more

    Affected Products : octopus_server
    • EPSS Score: %0.30
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 5.3

    MEDIUM
    CVE-2022-23716

    A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster.... Read more

    Affected Products : elastic_cloud_enterprise
    • EPSS Score: %0.29
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 7.8

    HIGH
    CVE-2022-1270

    In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.... Read more

    Affected Products : debian_linux graphicsmagick
    • EPSS Score: %0.05
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025
Showing 20 of 292522 Results