Latest CVE Feed
- 6.5 MEDIUM CVE-2022-42705
  A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at th...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 9.8 CRITICAL CVE-2022-42496
  OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product....
  - Affected Products: nadesiko3
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 6.5 MEDIUM CVE-2022-42446
  Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. ...
  - Affected Products: sametime
  - Published: Dec. 12, 2022
  - Modified: Apr. 24, 2025
- 4.8 MEDIUM CVE-2022-41830
  Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 6.5 MEDIUM CVE-2022-41807
  Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 6.5 MEDIUM CVE-2022-41798
  Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 7.5 HIGH CVE-2022-41777
  Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the serv...
  - Affected Products: nadesiko3
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 9.8 CRITICAL CVE-2022-41642
  OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product....
  - Affected Products: nadesiko3
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 9.8 CRITICAL CVE-2022-40918
  Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > h...
  - Published: Dec. 06, 2022
  - Modified: Apr. 24, 2025
- 9.8 CRITICAL CVE-2024-54932
  Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php....
  - Affected Products: e-learning_management_system
  - Published: Dec. 09, 2024
  - Modified: Apr. 24, 2025
- 9.1 CRITICAL CVE-2022-38337
  When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used....
  - Affected Products: mobaxterm
  - Published: Dec. 06, 2022
  - Modified: Apr. 24, 2025
- 8.1 HIGH CVE-2022-38336
  An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication....
  - Affected Products: mobaxterm
  - Published: Dec. 06, 2022
  - Modified: Apr. 24, 2025
- 7.5 HIGH CVE-2022-37325
  In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash....
  - Affected Products: asterisk
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 7.5 HIGH CVE-2022-35254
  An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti N...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 6.7 MEDIUM CVE-2022-32634
  In ccci, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138646; Issue ID:...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 6.7 MEDIUM CVE-2022-32633
  In Wi-Fi, there is a possible memory access violation due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441637; Issue ID: ALPS07...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 6.7 MEDIUM CVE-2022-32632
  In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441630; Issue ID...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 6.7 MEDIUM CVE-2022-32631
  In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 6.7 MEDIUM CVE-2022-32630
  In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025
- 6.7 MEDIUM CVE-2022-32629
  In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310774; Issue ID: ALP...
  - Published: Dec. 05, 2022
  - Modified: Apr. 24, 2025