Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2022-46833

    Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The pa...

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 9.8

    CRITICAL
    CVE-2022-46609

    Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user infor...

    Affected Products : python3-restfulapi
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 8.8

    HIGH
    CVE-2022-46443

    mesinkasir Bangresto 1.0 is vulnerable to SQL Injection via the itemqty%5B%5D parameter.

    Affected Products : bangresto
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
  • 9.8

    CRITICAL
    CVE-2022-46404

    A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary f...

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 6.1

    MEDIUM
    CVE-2022-46381

    Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 7.5

    HIGH
    CVE-2022-46355

    A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA...

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 5.3

    MEDIUM
    CVE-2022-46354

    A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA...

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 6.5

    MEDIUM
    CVE-2022-46059

    AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

    Affected Products : aerocms
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 4.8

    MEDIUM
    CVE-2022-46058

    AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

    Affected Products : aerocms
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 7.2

    HIGH
    CVE-2022-46051

    The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.

    Affected Products : aerocms
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 4.9

    MEDIUM
    CVE-2022-46047

    AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.

    Affected Products : aerocms
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 8.1

    HIGH
    CVE-2022-45936

    A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensit...

    Affected Products : mendix_email_connector
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 7.5

    HIGH
    CVE-2022-45871

    A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing an ICAP request. The exploit can be triggered remotely by an attacker.

    Affected Products : atlant
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 7.5

    HIGH
    CVE-2022-45693

    Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

    Affected Products : debian_linux jettison
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 7.5

    HIGH
    CVE-2022-45689

    hutool-json v5.8.10 was discovered to contain an out of memory error.

    Affected Products : hutool
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 6.1

    MEDIUM
    CVE-2022-44303

    Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject JavaScript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute JavaScript at client s...

    Affected Products : resque-scheduler
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 5.4

    MEDIUM
    CVE-2022-43996

    The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently...

    Affected Products : csaf_provider
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025
  • 5.5

    MEDIUM
    CVE-2022-42811

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data.

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025
  • 5.5

    MEDIUM
    CVE-2022-42810

    The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.

    Affected Products : macos iphone_os tvos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025
  • 7.8

    HIGH
    CVE-2022-42809

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution.

    Affected Products : macos
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 294070 Results