Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-43518

    An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive sy... Read more

    Affected Products : edgeconnect_enterprise
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025

  • 6.1

    MEDIUM
    CVE-2022-43479

    Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.... Read more

    Affected Products : shirasagi
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 7.3

    HIGH
    CVE-2022-43470

    Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an... Read more

    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 4.6

    MEDIUM
    CVE-2022-43442

    Plaintext storage of a password vulnerability exists in +F FS040U software versions v2.3.4 and earlier, which may allow an attacker to obtain the login password of +F FS040U and log in to the management console.... Read more

    Affected Products : fs040u_firmware fs040u
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-43097

    Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages.... Read more

    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 4.9

    MEDIUM
    CVE-2022-42706

    An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk config... Read more

    Affected Products : asterisk certified_asterisk
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 6.5

    MEDIUM
    CVE-2022-42705

    A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at th... Read more

    Affected Products : asterisk certified_asterisk
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-42496

    OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.... Read more

    Affected Products : nadesiko3
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 6.5

    MEDIUM
    CVE-2022-42446

    Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. ... Read more

    Affected Products : sametime
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025

  • 4.8

    MEDIUM
    CVE-2022-41830

    Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci... Read more

    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 6.5

    MEDIUM
    CVE-2022-41807

    Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions... Read more

    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 6.5

    MEDIUM
    CVE-2022-41798

    Session information easily guessable vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to log in to the product by spoofing a user with guessed session information. Affected products/versions... Read more

    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2022-41777

    Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the serv... Read more

    Affected Products : nadesiko3
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-41642

    OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product.... Read more

    Affected Products : nadesiko3
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-40918

    Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 Discovery Wifi U818A HD+ FPV Drone allows attacker to gain remote code execution as root user via a specially crafted UDP packet. Please update the Reference section to these links > h... Read more

    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2024-54932

    Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.... Read more

    Affected Products : e-learning_management_system
    • Published: Dec. 09, 2024
    • Modified: Apr. 24, 2025

  • 9.1

    CRITICAL
    CVE-2022-38337

    When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.... Read more

    Affected Products : mobaxterm
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 8.1

    HIGH
    CVE-2022-38336

    An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication.... Read more

    Affected Products : mobaxterm
    • Published: Dec. 06, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2022-37325

    In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.... Read more

    Affected Products : asterisk
    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2022-35254

    An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti N... Read more

    • Published: Dec. 05, 2022
    • Modified: Apr. 24, 2025
Showing 20 of 293609 Results