Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-45062

    In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.... Read more

    Affected Products : fedora debian_linux xfce4-settings
    • EPSS Score: %0.74
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-45061

    An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a C... Read more

    • EPSS Score: %0.09
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-45060

    An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line... Read more

    • EPSS Score: %0.60
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-45059

    An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwar... Read more

    Affected Products : fedora varnish_cache
    • EPSS Score: %0.46
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 5.9

    MEDIUM
    CVE-2022-44563

    There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.08
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44562

    The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.24
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-44552

    The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.12
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44551

    The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.12
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-44550

    The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.10
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-44549

    The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.10
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2022-44548

    There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.03
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-44318

    PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StringStrcat function in cstdlib/string.c when called from ExpressionParseFunctionCall.... Read more

    Affected Products : picoc
    • EPSS Score: %0.06
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-44317

    PicoC Version 3.2.2 was discovered to contain a heap buffer overflow in the StdioOutPutc function in cstdlib/stdio.c when called from ExpressionParseFunctionCall.... Read more

    Affected Products : picoc
    • EPSS Score: %0.03
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-43120

    A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.... Read more

    Affected Products : subrion subrion_cms
    • EPSS Score: %0.45
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-43058

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity.... Read more

    • EPSS Score: %0.10
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2022-43031

    DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.31
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2022-37900

    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. ... Read more

    Affected Products : arubaos sd-wan 7005 7008 7010 7024 7030 7205 7210 7220 +2 more products
    • EPSS Score: %0.43
    • Published: Dec. 12, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-33322

    Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS ... Read more

    • EPSS Score: %0.78
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-27674

    Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service.... Read more

    Affected Products : linux_kernel freebsd windows amd_uprof
    • EPSS Score: %0.08
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-23831

    Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service.... Read more

    Affected Products : linux_kernel freebsd windows amd_uprof
    • EPSS Score: %0.20
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025
Showing 20 of 291157 Results