Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-42707

    In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.... Read more

    Affected Products : mahara
    • EPSS Score: %0.18
    • Published: Nov. 06, 2022
    • Modified: May. 02, 2025

  • 7.8

    HIGH
    CVE-2022-40284

    A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G s... Read more

    Affected Products : fedora debian_linux ntfs-3g
    • EPSS Score: %0.03
    • Published: Nov. 06, 2022
    • Modified: May. 02, 2025

  • 7.6

    HIGH
    CVE-2022-3721

    Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.... Read more

    Affected Products : froxlor
    • EPSS Score: %0.12
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-38582

    Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files.... Read more

    Affected Products : anti-virus
    • EPSS Score: %0.08
    • Published: Nov. 04, 2022
    • Modified: May. 02, 2025

  • 3.5

    LOW
    CVE-2022-38163

    A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.... Read more

    Affected Products : safe
    • EPSS Score: %0.15
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025

  • 5.5

    MEDIUM
    CVE-2022-37911

    Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume sy... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %0.13
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-37910

    A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system. ... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %0.16
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 5.3

    MEDIUM
    CVE-2022-37909

    Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %0.10
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 6.5

    MEDIUM
    CVE-2022-37908

    An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller. ... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.09
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 7.5

    HIGH
    CVE-2022-37907

    A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the im... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.14
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 8.1

    HIGH
    CVE-2022-37906

    An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %0.19
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 8.8

    HIGH
    CVE-2022-37905

    Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating s... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.45
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 8.8

    HIGH
    CVE-2022-37904

    Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating s... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.25
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 7.2

    HIGH
    CVE-2022-37901

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.43
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 7.2

    HIGH
    CVE-2022-37899

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.43
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 7.2

    HIGH
    CVE-2022-37898

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.43
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-37897

    There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerab... Read more

    Affected Products : arubaos sd-wan
    • EPSS Score: %1.28
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025

  • 9.1

    CRITICAL
    CVE-2022-37865

    With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the ... Read more

    Affected Products : ivy
    • EPSS Score: %0.35
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025

  • 7.8

    HIGH
    CVE-2022-37710

    Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypte... Read more

    Affected Products : eaglesoft
    • EPSS Score: %0.03
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-34822

    Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remot... Read more

    • EPSS Score: %7.22
    • Published: Nov. 08, 2022
    • Modified: May. 02, 2025
Showing 20 of 291219 Results