Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-3819

    Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial... Read more

    Affected Products : android
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-40877

    Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.... Read more

    Affected Products : exam_reviewer_management_system
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2016-6150

    The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 22... Read more

    Affected Products : hana
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-15332

    Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.... Read more

    Affected Products : cloudcnm_secumanager
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2020-27602

    BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.... Read more

    Affected Products : bigbluebutton
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40315

    A limited SQL injection risk was identified in the "browse list of users" site administration page.... Read more

    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-42304

    An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.... Read more

    Affected Products : netbackup
    • Published: Oct. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22526

    In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API.... Read more

    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39274

    LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds... Read more

    Affected Products : loramac-node
    • Published: Oct. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-28814

    Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device.... Read more

    • Published: Sep. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40825

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.... Read more

    Affected Products : codeigniter
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-40833

    B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability.... Read more

    Affected Products : codeigniter
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42075

    Wedding Planner v1.0 is vulnerable to arbitrary code execution.... Read more

    Affected Products : wedding_planner
    • Published: Oct. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-32234

    An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application us... Read more

    Affected Products : hermes
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-5817

    SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : webaccess
    • Published: Aug. 22, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2020-14129

    A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.... Read more

    Affected Products : xiaomi
    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-41380

    The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-yaml
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41381

    The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-utility
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41383

    The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-archives
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41385

    The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-html
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025
Showing 20 of 293182 Results