Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2022-44647

    An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privil...

    Affected Products : windows apex_one
    • EPSS Score: %0.06
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-44168

    Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.

    Affected Products : ac15_firmware ac15
    • EPSS Score: %0.10
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-44167

    Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer.

    Affected Products : ac15_firmware ac15
    • EPSS Score: %0.10
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-44163

    Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

    Affected Products : ac21_firmware ac21
    • EPSS Score: %0.10
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 6.7

    MEDIUM
    CVE-2022-43192

    An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.

    Affected Products : dedecms
    • EPSS Score: %0.03
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 8.8

    HIGH
    CVE-2022-43183

    XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.

    Affected Products : xxl-job
    • EPSS Score: %19.93
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2022-43171

    A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.

    Affected Products : lief
    • EPSS Score: %0.15
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 7.2

    HIGH
    CVE-2022-43163

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php.

    • EPSS Score: %0.09
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 7.2

    HIGH
    CVE-2022-43162

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php.

    • EPSS Score: %0.09
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 6.1

    MEDIUM
    CVE-2022-43142

    A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.

    Affected Products : password_storage_application
    • EPSS Score: %0.15
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-41326

    The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the ...

    Affected Products : micollab
    • EPSS Score: %3.00
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 7.8

    HIGH
    CVE-2022-41131

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to...

    • EPSS Score: %0.19
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 8.1

    HIGH
    CVE-2022-40870

    The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.

    Affected Products : remote_application_server
    • EPSS Score: %0.15
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 9.1

    CRITICAL
    CVE-2022-40842

    ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php.

    Affected Products : ndkadvancedcustomizationfields
    • EPSS Score: %0.33
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2022-37773

    An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases.

    Affected Products : maarch_rm
    • EPSS Score: %0.36
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 9.6

    CRITICAL
    CVE-2022-36180

    Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug=[Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.

    Affected Products : fusiondirectory
    • EPSS Score: %0.18
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-36179

    Fusiondirectory 1.3 suffers from Improper Session Handling.

    Affected Products : fusiondirectory
    • EPSS Score: %0.12
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 7.8

    HIGH
    CVE-2022-35407

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of t...

    Affected Products : kernel
    • EPSS Score: %0.08
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 8.8

    HIGH
    CVE-2022-33012

    Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.

    Affected Products : microweber cockpit
    • EPSS Score: %0.54
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2021-3919

    A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.

    • EPSS Score: %0.83
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 291269 Results