Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-42751

    CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.... Read more

    Affected Products : candidats
    • EPSS Score: %0.09
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-42750

    CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.... Read more

    Affected Products : candidats
    • EPSS Score: %0.41
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-42749

    CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. ... Read more

    Affected Products : candidats
    • EPSS Score: %3.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-42748

    CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. ... Read more

    Affected Products : candidats
    • EPSS Score: %3.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-42747

    CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. ... Read more

    Affected Products : candidats
    • EPSS Score: %3.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-42746

    CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. ... Read more

    Affected Products : candidats
    • EPSS Score: %6.03
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2022-42743

    deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.... Read more

    Affected Products : deep-parse-json
    • EPSS Score: %0.08
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 3.3

    LOW
    CVE-2022-42442

    IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214. ... Read more

    • EPSS Score: %0.03
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2022-41714

    fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.... Read more

    Affected Products : fastest-json-copy
    • EPSS Score: %0.08
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2022-41713

    deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited.... Read more

    Affected Products : deep-object-diff
    • EPSS Score: %0.08
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-41710

    Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at le... Read more

    Affected Products : markdownify
    • EPSS Score: %0.03
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-41435

    OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public ... Read more

    Affected Products : luci
    • EPSS Score: %0.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.1

    CRITICAL
    CVE-2022-40747

    "IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID... Read more

    • EPSS Score: %0.06
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-3781

    Dashlane password and Keepass Server password in My Account Settings  are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to re... Read more

    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-3780

    Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. ... Read more

    Affected Products : remote_desktop_manager
    • EPSS Score: %0.22
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-30615

    "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    • EPSS Score: %0.20
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-30608

    "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.... Read more

    • EPSS Score: %0.07
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-25885

    The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.... Read more

    Affected Products : muhammara hummus
    • EPSS Score: %0.11
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-22442

    "IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427."... Read more

    • EPSS Score: %0.07
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-22425

    "IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598."... Read more

    • EPSS Score: %0.13
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
Showing 20 of 291193 Results