Latest CVE Feed

Following is the list of latest published vulnerabilities.
  • 5.3

    MEDIUM
    CVE-2022-42128

    The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode ...

    • EPSS Score: 0.18%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 5.3

    MEDIUM
    CVE-2022-42127

    The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page....

    • EPSS Score: 0.18%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 4.3

    MEDIUM
    CVE-2022-42126

    The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries ...

    • EPSS Score: 0.18%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2022-42125

    Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module....

    • EPSS Score: 0.20%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2022-42119

    Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8....

    Affected Products : liferay_portal dxp
    • EPSS Score: 0.52%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-42058

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data....

    Affected Products : w15e_firmware w15e
    • EPSS Score: 0.56%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 7.8

    HIGH
    CVE-2022-41396

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters....

    Affected Products : w15e_firmware w15e
    • EPSS Score: 0.26%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 7.8

    HIGH
    CVE-2022-41395

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function....

    Affected Products : w15e_firmware w15e
    • EPSS Score: 0.26%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-38165

    Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server....

    Affected Products : f-secure_policy_manager
    • EPSS Score: 0.47%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2022-36432

    The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response....

    Affected Products : blog_pro
    • EPSS Score: 0.19%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 6.1

    MEDIUM
    CVE-2022-34318

    IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch ...

    Affected Products : cics_tx
    • EPSS Score: 0.06%
    • Published: Dec. 12, 2022
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2022-30283

    In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges. The UsbCoreDxe ...

    Affected Products : kernel
    • EPSS Score: 0.04%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-30258

    An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effe...

    Affected Products : dns_server
    • EPSS Score: 0.13%
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-30257

    An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effe...

    Affected Products : dns_server
    • EPSS Score: 0.13%
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
  • 8.2

    HIGH
    CVE-2022-29279

    Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security ...

    Affected Products : kernel
    • EPSS Score: 0.05%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 8.2

    HIGH
    CVE-2022-29278

    Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during securit...

    Affected Products : kernel
    • EPSS Score: 0.05%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 8.8

    HIGH
    CVE-2022-29277

    Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addres...

    • EPSS Score: 0.07%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 8.2

    HIGH
    CVE-2022-29276

    SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: vers...

    Affected Products : kernel
    • EPSS Score: 0.05%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 8.2

    HIGH
    CVE-2022-29275

    In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering. Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kern...

    Affected Products : kernel
    • EPSS Score: 0.05%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 6.7

    MEDIUM
    CVE-2022-20460

    In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitati...

    Affected Products : android
    • EPSS Score: 0.01%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025