Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2022-45163

    An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.M...

    • EPSS Score: 0.14%
    • Published: Nov. 18, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-45132

    In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 templ...

    Affected Products : lava
    • EPSS Score: 6.46%
    • Published: Nov. 18, 2022
    • Modified: Apr. 30, 2025
  • 6.1

    MEDIUM
    CVE-2022-43694

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output....

    Affected Products : concrete_cms concrete5
    • EPSS Score: 0.56%
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025
  • 8.8

    HIGH
    CVE-2022-43693

    Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth....

    Affected Products : concrete_cms concrete5
    • EPSS Score: 0.60%
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-43265

    An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file....

    Affected Products : canteen_management_system
    • EPSS Score: 0.13%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 6.8

    MEDIUM
    CVE-2022-43096

    Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port....

    • EPSS Score: 0.08%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2022-42954

    Keyfactor EJBCA before 7.10.0 allows XSS....

    Affected Products : kefactor_ejbca
    • EPSS Score: 0.77%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 3.3

    LOW
    CVE-2022-42903

    Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list....

    Affected Products : manageengine_supportcenter_plus
    • EPSS Score: 0.05%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2022-42894

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for...

    • EPSS Score: 0.25%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2022-42893

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the a...

    • EPSS Score: 0.16%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 5.3

    MEDIUM
    CVE-2022-42892

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to t...

    • EPSS Score: 0.33%
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 5.9

    MEDIUM
    CVE-2022-42132

    The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when ...

    • EPSS Score: 0.20%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 4.8

    MEDIUM
    CVE-2022-42131

    Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 ...

    • EPSS Score: 0.14%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 5.3

    MEDIUM
    CVE-2022-42128

    The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode ...

    • EPSS Score: 0.18%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 5.3

    MEDIUM
    CVE-2022-42127

    The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that were assigned to a page....

    • EPSS Score: 0.18%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 4.3

    MEDIUM
    CVE-2022-42126

    The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries ...

    • EPSS Score: 0.18%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2022-42125

    Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module....

    • EPSS Score: 0.20%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2022-42119

    Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8....

    Affected Products : liferay_portal dxp
    • EPSS Score: 0.52%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-42058

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data....

    Affected Products : w15e_firmware w15e
    • EPSS Score: 0.56%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 7.8

    HIGH
    CVE-2022-41396

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters....

    Affected Products : w15e_firmware w15e
    • EPSS Score: 0.26%
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025