Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-28411

    Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/admin/?page=agents/manage_agent.... Read more

    Affected Products : simple_real_estate_portal_system
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29063

    The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-u... Read more

    Affected Products : ofbiz
    • Published: Sep. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29130

    Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability... Read more

    • Published: May. 10, 2022
    • Modified: Jan. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-29023

    A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.... Read more

    Affected Products : openrazer
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28945

    An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.... Read more

    Affected Products : webcube
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29081

    Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEven... Read more

    • Published: Apr. 28, 2022
    • Modified: Jan. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-28927

    A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.... Read more

    Affected Products : subconverter
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29007

    Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.... Read more

    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29022

    A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.... Read more

    Affected Products : openrazer
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28929

    Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.... Read more

    Affected Products : hospital_management_system
    • Published: May. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29021

    A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.... Read more

    Affected Products : openrazer
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28738

    A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.... Read more

    Affected Products : ruby
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28711

    A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trig... Read more

    Affected Products : apweb
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28620

    A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all ver... Read more

    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28557

    There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution... Read more

    Affected Products : ac15_firmware ac15
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28512

    A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters.... Read more

    Affected Products : fantastic_blog
    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28623

    Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd l... Read more

    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28521

    ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config.... Read more

    Affected Products : zcms
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28497

    TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted requ... Read more

    Affected Products : cp900_firmware cp900
    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28470

    marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.... Read more

    Affected Products : pypi
    • Published: May. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results