Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-43693

    Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.60
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-43265

    An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.13
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 6.8

    MEDIUM
    CVE-2022-43096

    Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.... Read more

    • EPSS Score: %0.08
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-42954

    Keyfactor EJBCA before 7.10.0 allows XSS.... Read more

    Affected Products : kefactor_ejbca
    • EPSS Score: %0.77
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 3.3

    LOW
    CVE-2022-42903

    Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.... Read more

    Affected Products : manageengine_supportcenter_plus
    • EPSS Score: %0.05
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-42894

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for... Read more

    • EPSS Score: %0.25
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-42893

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the a... Read more

    • EPSS Score: %0.16
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-42892

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to t... Read more

    • EPSS Score: %0.33
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 5.9

    MEDIUM
    CVE-2022-42132

    The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when ... Read more

    • EPSS Score: %0.20
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 4.8

    MEDIUM
    CVE-2022-42131

    Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 ... Read more

    • EPSS Score: %0.14
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-42128

    The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode ... Read more

    • EPSS Score: %0.18
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-42127

    The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.... Read more

    • EPSS Score: %0.18
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-42126

    The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries ... Read more

    • EPSS Score: %0.18
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-42125

    Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.... Read more

    • EPSS Score: %0.20
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-42119

    Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.... Read more

    Affected Products : liferay_portal dxp
    • EPSS Score: %0.52
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-42058

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.... Read more

    Affected Products : w15e_firmware w15e
    • EPSS Score: %0.56
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 7.8

    HIGH
    CVE-2022-41396

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters.... Read more

    Affected Products : w15e_firmware w15e
    • EPSS Score: %0.26
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 7.8

    HIGH
    CVE-2022-41395

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function.... Read more

    Affected Products : w15e_firmware w15e
    • EPSS Score: %0.26
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-38165

    Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server.... Read more

    Affected Products : f-secure_policy_manager
    • EPSS Score: %0.47
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-36432

    The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response.... Read more

    Affected Products : blog_pro
    • EPSS Score: %0.19
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 291209 Results