Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-29982

    Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.... Read more

    Affected Products : simple_client_management_system
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29999

    Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=.... Read more

    • Published: May. 12, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-29988

    Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.... Read more

    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29917

    Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough e... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Dec. 22, 2022
    • Modified: Apr. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-29986

    Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility.... Read more

    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29987

    Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=.... Read more

    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29995

    Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=.... Read more

    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29906

    The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.... Read more

    Affected Products : mediawiki
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29998

    Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=.... Read more

    • Published: May. 12, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-29904

    The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.... Read more

    Affected Products : mediawiki
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29859

    component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data.... Read more

    Affected Products : amb1_sdk
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29806

    ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.... Read more

    Affected Products : zoneminder
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2128

    Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.... Read more

    Affected Products : trudesk
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29739

    Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.... Read more

    Affected Products : money_transfer_management_system
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29875

    A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versio... Read more

    • Published: Jun. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29851

    documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.... Read more

    Affected Products : ox_app_suite
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-29750

    Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.... Read more

    Affected Products : simple_client_management_system
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29746

    Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete.... Read more

    Affected Products : money_transfer_management_system
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29601

    The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.... Read more

    Affected Products : seminars
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29596

    MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal.... Read more

    Affected Products : enterprise_manager
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results