Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-41352

    An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user acc... Read more

    Affected Products : collaboration
    • Actively Exploited
    • Published: Sep. 26, 2022
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-41237

    Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.... Read more

    Affected Products : dotci
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-41226

    Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.... Read more

    Affected Products : compuware_common_configuration
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-39353

    xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection... Read more

    Affected Products : debian_linux xmldom
    • Published: Nov. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39135

    Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. The... Read more

    Affected Products : calcite
    • Published: Sep. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-37616

    A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; h... Read more

    Affected Products : debian_linux xmldom
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4548

    A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It i... Read more

    Affected Products : ecommerce_cms
    • Published: Aug. 26, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-35744

    Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability... Read more

    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4489

    The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key predicti... Read more

    Affected Products : z\/ip_gateway_sdk
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-33481

    RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php.... Read more

    Affected Products : remote_clinic
    • Published: Nov. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4414

    A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to ... Read more

    • Published: Aug. 18, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4404

    The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers... Read more

    Affected Products : charitable
    • Published: Aug. 23, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4310

    BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an una... Read more

    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-29486

    Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more

    Affected Products : hyperscan_library hyperscan
    • Published: Nov. 11, 2022
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2023-4249

    Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network request... Read more

    • Published: Nov. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4192

    A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate ... Read more

    • Published: Aug. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-4149

    A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request hand... Read more

    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2023-36419

    Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_hdinsights
    • Published: Oct. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26495

    In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling poin... Read more

    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26136

    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerabili... Read more

    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294283 Results