Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2022-44931

    Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet....

    Affected Products : a18_firmware a18
    • Published: Dec. 08, 2022
    • Modified: Apr. 23, 2025
  • 5.4

    MEDIUM
    CVE-2022-44361

    An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php....

    Affected Products : zzcms
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-44351

    Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php....

    Affected Products : skycaiji
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 6.1

    MEDIUM
    CVE-2022-44153

    Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS)....

    Affected Products : rapid_scada
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2022-42486

    Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script....

    Affected Products : basercms
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 5.5

    MEDIUM
    CVE-2022-41783

    tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function....

    Affected Products : re3000_firmware re3000
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2022-41720

    On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For examp...

    Affected Products : go windows
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2022-40966

    Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N ...

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2022-3926

    The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have a CSRF check when regenerating secrets, which could allow attackers to make logged-in admins regenerate the secret of an arbitrary client given they know the client ID...

    Affected Products : wp_oauth_server oauth_server
    • Published: Dec. 05, 2022
    • Modified: Apr. 23, 2025
  • 4.3

    MEDIUM
    CVE-2022-3711

    A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA....

    • Published: Dec. 01, 2022
    • Modified: Apr. 23, 2025
  • 8.1

    HIGH
    CVE-2022-3262

    A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and av...

    • Published: Dec. 08, 2022
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2022-3260

    The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks....

    • Published: Dec. 08, 2022
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2022-3249

    The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacks...

    Affected Products : wp_csv_exporter
    • Published: Dec. 05, 2022
    • Modified: Apr. 23, 2025
  • 6.8

    MEDIUM
    CVE-2022-39044

    Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and ea...

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2022-38765

    Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter....

    Affected Products : vitrea_view
    • Published: Dec. 09, 2022
    • Modified: Apr. 23, 2025
  • 6.5

    MEDIUM
    CVE-2022-38599

    Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 were discovered to contain an information leak via the /user/get-role-list web interface....

    Affected Products : teleport
    • Published: Dec. 08, 2022
    • Modified: Apr. 23, 2025
  • 8.1

    HIGH
    CVE-2022-37918

    Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive inf...

    Affected Products : airwave
    • Published: Dec. 08, 2022
    • Modified: Apr. 23, 2025
  • 8.1

    HIGH
    CVE-2022-37917

    Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive inf...

    Affected Products : airwave
    • Published: Dec. 08, 2022
    • Modified: Apr. 23, 2025
  • 8.1

    HIGH
    CVE-2022-37916

    Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive inf...

    Affected Products : airwave
    • Published: Dec. 08, 2022
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-33186

    A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabl...

    • Published: Dec. 08, 2022
    • Modified: Apr. 23, 2025
Showing 20 of 293608 Results