Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-39244

    PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affected by a buffer overflow vulnerability. Users connecting to untrusted c...

    Affected Products : pjsip pjsip
    • EPSS Score: %0.18
    • Published: Oct. 06, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2019-17042

    An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for str...

    Affected Products : fedora debian_linux leap rsyslog
    • EPSS Score: %0.37
    • Published: Oct. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2024-54506

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

    Affected Products : macos
    • Published: Dec. 12, 2024
    • Modified: Dec. 20, 2024
  • 9.8

    CRITICAL
    CVE-2022-39237

    sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1 the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital s...

    Affected Products : singularity_image_format
    • EPSS Score: %0.06
    • Published: Oct. 06, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-39036

    The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files and execute arbitrary code to manipulate system or disrupt serv...

    Affected Products : agentflow
    • EPSS Score: %2.77
    • Published: Nov. 10, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-39180

    College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page ...

    Affected Products : college_management_system
    • EPSS Score: %0.07
    • Published: Nov. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-39243

    NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to p...

    Affected Products : linux_kernel nuprocess
    • EPSS Score: %0.29
    • Published: Sep. 26, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-39060

    ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts...

    Affected Products : megaservisignadapter
    • EPSS Score: %0.24
    • Published: Jan. 31, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-39000

    The iAware module has a vulnerability in managing malicious apps. Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

    Affected Products : emui harmonyos magic_ui
    • EPSS Score: %0.16
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38999

    The AOD module has an improper reference count update vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

    Affected Products : emui harmonyos
    • EPSS Score: %0.16
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38947

    SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code.

    Affected Products : flipkart-clone-php
    • Published: Dec. 09, 2024
    • Modified: May. 17, 2025
  • 9.8

    CRITICAL
    CVE-2022-38923

    BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload.

    Affected Products : bluepage_cms
    • EPSS Score: %0.28
    • Published: Apr. 03, 2023
    • Modified: Feb. 14, 2025
  • 9.8

    CRITICAL
    CVE-2022-38882

    The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

    Affected Products : d8s-json
    • EPSS Score: %0.39
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38827

    TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi...

    Affected Products : t6_firmware t6
    • EPSS Score: %12.44
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38886

    The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

    Affected Products : d8s-xml
    • EPSS Score: %0.36
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-39042

    aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.

    Affected Products : a\+hrd
    • EPSS Score: %0.06
    • Published: Jan. 03, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38883

    The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.

    Affected Products : d8s-math
    • EPSS Score: %0.14
    • Published: Sep. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38742

    Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 are vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer proces...

    Affected Products : thinmanager thinmanager_thinserver
    • EPSS Score: %4.76
    • Published: Sep. 23, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-38983

    The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may result in arbitrary code execution.

    Affected Products : emui harmonyos
    • EPSS Score: %0.25
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-38922

    BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.

    Affected Products : bluepage_cms
    • EPSS Score: %0.28
    • Published: Apr. 03, 2023
    • Modified: Feb. 18, 2025
Showing 20 of 292495 Results