Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-41395

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function.... Read more

    Affected Products : w15e_firmware w15e
    • EPSS Score: %0.26
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-38165

    Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server.... Read more

    Affected Products : f-secure_policy_manager
    • EPSS Score: %0.47
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-36432

    The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.... Read more

    Affected Products : blog_pro
    • EPSS Score: %0.19
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-34318

    IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch ... Read more

    Affected Products : cics_tx
    • EPSS Score: %0.06
    • Published: Dec. 12, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-30283

    In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe ... Read more

    Affected Products : kernel
    • EPSS Score: %0.04
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-30258

    An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effe... Read more

    Affected Products : dns_server
    • EPSS Score: %0.13
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-30257

    An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effe... Read more

    Affected Products : dns_server
    • EPSS Score: %0.13
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 8.2

    HIGH
    CVE-2022-29279

    Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security ... Read more

    Affected Products : kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.2

    HIGH
    CVE-2022-29278

    Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during securit... Read more

    Affected Products : kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2022-29277

    Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addres... Read more

    • EPSS Score: %0.07
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.2

    HIGH
    CVE-2022-29276

    SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: vers... Read more

    Affected Products : kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.2

    HIGH
    CVE-2022-29275

    In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kern... Read more

    Affected Products : kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 6.7

    MEDIUM
    CVE-2022-20460

    In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the memory mapping due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitati... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 6.7

    MEDIUM
    CVE-2022-20459

    In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: Andr... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 6.7

    MEDIUM
    CVE-2022-20428

    In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-1581

    The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations.... Read more

    Affected Products : wp-polls
    • EPSS Score: %0.05
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-1579

    The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.... Read more

    Affected Products : login_block_ips
    • EPSS Score: %0.16
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2022-1578

    The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack... Read more

    Affected Products : my_wpdb
    • EPSS Score: %0.32
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-0421

    The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due ... Read more

    Affected Products : five_star_restaurant_reservations
    • EPSS Score: %0.52
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 5.5

    MEDIUM
    CVE-2021-47252

    In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actuall... Read more

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025
Showing 20 of 291205 Results