Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-43121

    A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.... Read more

    Affected Products : subrion subrion_cms
    • EPSS Score: %0.48
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-43118

    A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field.... Read more

    Affected Products : flatcore-cms
    • EPSS Score: %0.14
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-40797

    Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server config... Read more

    Affected Products : roxy_fileman
    • EPSS Score: %8.30
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2022-3413

    Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to vi... Read more

    Affected Products : gitlab
    • EPSS Score: %0.11
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-37927

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). ... Read more

    Affected Products : oneview_global_dashboard
    • EPSS Score: %0.24
    • Published: Dec. 12, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-31689

    VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.... Read more

    Affected Products : workspace_one_assist
    • EPSS Score: %0.57
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-31688

    VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's wind... Read more

    Affected Products : workspace_one_assist
    • EPSS Score: %0.53
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-31687

    VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.... Read more

    Affected Products : workspace_one_assist
    • EPSS Score: %0.52
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 4.6

    MEDIUM
    CVE-2022-20465

    In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-20462

    In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-20457

    In getMountModeInternal of StorageManagerService.java, there is a possible prevention of package installation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.7

    MEDIUM
    CVE-2022-20454

    In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-20453

    In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is neede... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-20452

    In initializeFromParcelLocked of BaseBundle.java, there is a possible method arbitrary code execution due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed... Read more

    Affected Products : android
    • EPSS Score: %0.20
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-20451

    In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for ex... Read more

    Affected Products : android
    • EPSS Score: %0.00
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-20450

    In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interac... Read more

    Affected Products : android
    • EPSS Score: %0.00
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-20448

    In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... Read more

    Affected Products : android
    • EPSS Score: %0.00
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.5

    MEDIUM
    CVE-2022-20447

    In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • EPSS Score: %0.24
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-20441

    In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution priv... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-20426

    In multiple functions of many files, there is a possible obstruction of the user's ability to select a phone account due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
Showing 20 of 291058 Results