Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-44555

    The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.09
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-44554

    The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.09
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2022-44553

    The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.08
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44089

    ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE.... Read more

    Affected Products : espcms
    • EPSS Score: %2.11
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44088

    ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION.... Read more

    Affected Products : espcms
    • EPSS Score: %37.86
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44087

    ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT.... Read more

    Affected Products : espcms
    • EPSS Score: %2.11
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2022-43679

    The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.17
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-43672

    Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.... Read more

    • EPSS Score: %62.47
    • Published: Nov. 12, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-43671

    Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.... Read more

    • EPSS Score: %62.47
    • Published: Nov. 12, 2022
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2022-43146

    An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.10
    • Published: Nov. 14, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-43074

    AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : ayacms
    • EPSS Score: %0.14
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2022-43030

    Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by atta... Read more

    Affected Products : siyucms
    • EPSS Score: %2.16
    • Published: Nov. 14, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-41339

    In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation.... Read more

    • EPSS Score: %0.06
    • Published: Nov. 12, 2022
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2022-40773

    Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.... Read more

    • EPSS Score: %0.50
    • Published: Nov. 12, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-3238

    A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Nov. 14, 2022
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2022-39069

    There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table co... Read more

    Affected Products : zaip-aie
    • EPSS Score: %0.34
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-38651

    A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affect... Read more

    Affected Products : hyperic_server
    • EPSS Score: %0.07
    • Published: Nov. 12, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-38167

    The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.... Read more

    Affected Products : workflow
    • EPSS Score: %0.45
    • Published: Nov. 14, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-37290

    GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.... Read more

    Affected Products : fedora nautilus
    • EPSS Score: %0.02
    • Published: Nov. 14, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-36938

    DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.... Read more

    Affected Products : redex
    • EPSS Score: %0.63
    • Published: Nov. 11, 2022
    • Modified: May. 01, 2025
Showing 20 of 291058 Results