Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-29995

    Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=.... Read more

    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29906

    The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.... Read more

    Affected Products : mediawiki
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29998

    Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=.... Read more

    • Published: May. 12, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-29904

    The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.... Read more

    Affected Products : mediawiki
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29859

    component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data.... Read more

    Affected Products : amb1_sdk
    • Published: Apr. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29806

    ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.... Read more

    Affected Products : zoneminder
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-2128

    Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4.... Read more

    Affected Products : trudesk
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29739

    Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.... Read more

    Affected Products : money_transfer_management_system
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29875

    A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versio... Read more

    • Published: Jun. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29851

    documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.... Read more

    Affected Products : ox_app_suite
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-29750

    Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.... Read more

    Affected Products : simple_client_management_system
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29746

    Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete.... Read more

    Affected Products : money_transfer_management_system
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29601

    The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.... Read more

    Affected Products : seminars
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29596

    MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal.... Read more

    Affected Products : enterprise_manager
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29604

    An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the ne... Read more

    Affected Products : onos
    • Published: Apr. 20, 2023
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-29633

    An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.... Read more

    Affected Products : linglong
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29520

    An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to tri... Read more

    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29599

    In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.... Read more

    Affected Products : debian_linux maven maven_shared_utils
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29528

    An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.... Read more

    Affected Products : misp
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29465

    An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this... Read more

    Affected Products : imagegear
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293350 Results