Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2022-41551

    Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php.... Read more

    Affected Products : garage_management_system
    • EPSS Score: %0.09
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 6.1

    MEDIUM
    CVE-2022-40840

    ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php.... Read more

    Affected Products : ndkadvancedcustomizationfields
    • EPSS Score: %0.15
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 5.5

    MEDIUM
    CVE-2022-40276

    Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not st... Read more

    Affected Products : zettlr
    • EPSS Score: %0.04
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-40235

    "IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725."... Read more

    • EPSS Score: %0.10
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-40230

    "IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532."... Read more

    Affected Products : mq_appliance
    • EPSS Score: %0.05
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 5.9

    MEDIUM
    CVE-2022-38712

    "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."... Read more

    • EPSS Score: %0.05
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 9.1

    CRITICAL
    CVE-2022-38168

    Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification.... Read more

    • EPSS Score: %0.11
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 7.8

    HIGH
    CVE-2022-35717

    "IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361.... Read more

    • EPSS Score: %0.11
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 5.4

    MEDIUM
    CVE-2022-35642

    "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    • EPSS Score: %0.20
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 4.3

    MEDIUM
    CVE-2022-35279

    "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against... Read more

    Affected Products : business_automation_workflow
    • EPSS Score: %0.06
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-34339

    "IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963."... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %0.06
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2022-32287

    A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache ... Read more

    Affected Products : uimaj
    • EPSS Score: %0.21
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 8.1

    HIGH
    CVE-2021-37789

    stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.... Read more

    Affected Products : debian_linux stb
    • EPSS Score: %0.10
    • Published: Nov. 02, 2022
    • Modified: May. 02, 2025

  • 7.8

    HIGH
    CVE-2022-45343

    GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.... Read more

    Affected Products : gpac
    • EPSS Score: %0.03
    • Published: Nov. 29, 2022
    • Modified: May. 02, 2025

  • 8.8

    HIGH
    CVE-2022-44638

    In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.... Read more

    Affected Products : fedora debian_linux pixman
    • EPSS Score: %0.21
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2022-43574

    "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."... Read more

    • EPSS Score: %0.05
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-43107

    Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.... Read more

    Affected Products : ac23_firmware ac23
    • EPSS Score: %0.09
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-43106

    Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function.... Read more

    Affected Products : ac23_firmware ac23
    • EPSS Score: %0.09
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-43101

    Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.... Read more

    Affected Products : ac23_firmware ac23
    • EPSS Score: %0.09
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025

  • 4.3

    MEDIUM
    CVE-2022-41413

    perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.... Read more

    Affected Products : perfsonar
    • EPSS Score: %0.50
    • Published: Nov. 30, 2022
    • Modified: May. 02, 2025
Showing 20 of 291205 Results