Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-43236

    Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.09
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-43235

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.11
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 8.8

    HIGH
    CVE-2022-43226

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment.... Read more

    • EPSS Score: %0.08
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2022-43223

    open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.... Read more

    Affected Products : open5gs
    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 02, 2025

  • 7.2

    HIGH
    CVE-2022-43068

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 7.2

    HIGH
    CVE-2022-43066

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=delete_message.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 7.2

    HIGH
    CVE-2022-41551

    Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php.... Read more

    Affected Products : garage_management_system
    • EPSS Score: %0.09
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 6.1

    MEDIUM
    CVE-2022-40840

    ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php.... Read more

    Affected Products : ndkadvancedcustomizationfields
    • EPSS Score: %0.15
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 5.5

    MEDIUM
    CVE-2022-40276

    Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not st... Read more

    Affected Products : zettlr
    • EPSS Score: %0.04
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-40235

    "IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725."... Read more

    • EPSS Score: %0.10
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-40230

    "IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532."... Read more

    Affected Products : mq_appliance
    • EPSS Score: %0.05
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 5.9

    MEDIUM
    CVE-2022-38712

    "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."... Read more

    • EPSS Score: %0.05
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 9.1

    CRITICAL
    CVE-2022-38168

    Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.... Read more

    • EPSS Score: %0.11
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 7.8

    HIGH
    CVE-2022-35717

    "IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361.... Read more

    • EPSS Score: %0.11
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 5.4

    MEDIUM
    CVE-2022-35642

    "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    • EPSS Score: %0.20
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 4.3

    MEDIUM
    CVE-2022-35279

    "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against... Read more

    Affected Products : business_automation_workflow
    • EPSS Score: %0.06
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-34339

    "IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963."... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %0.06
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2022-32287

    A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache ... Read more

    Affected Products : uimaj
    • EPSS Score: %0.21
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 8.1

    HIGH
    CVE-2021-37789

    stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.... Read more

    Affected Products : debian_linux stb
    • EPSS Score: %0.10
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 7.8

    HIGH
    CVE-2022-45343

    GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.... Read more

    Affected Products : gpac
    • EPSS Score: %0.03
    • Published: Nov. 29, 2022
    • Modified: May. 02, 2025
Showing 20 of 291157 Results