Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-41380

    The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-yaml
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41381

    The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-utility
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41383

    The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-archives
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41385

    The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-html
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-31228

    Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.... Read more

    • Published: Oct. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6825

    Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R00... Read more

    • Published: Sep. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2022-41391

    OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.... Read more

    Affected Products : ocomon
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-41580

    The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.... Read more

    Affected Products : emui harmonyos
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-42149

    kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.... Read more

    Affected Products : kkfileview
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-39056

    RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database.... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-3583

    A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument business leads to sql injection. The attack can be... Read more

    Affected Products : canteen_management_system
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-33873

    An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated at... Read more

    Affected Products : fortitester
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-43028

    Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg.... Read more

    Affected Products : tx3_firmware tx3
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-39312

    Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server tar... Read more

    Affected Products : dataease
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39341

    OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users who have wildcard (`*`) defined on tupleset relations in their authorization model are vulnerable. Versio... Read more

    Affected Products : openfga
    • Published: Oct. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39976

    School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=.... Read more

    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-40876

    In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE).... Read more

    Affected Products : ax1803_firmware ax1803
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-3731

    A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/v1/attack/token. The manipulation of the argument Payload leads to sql injection. The attack can be la... Read more

    Affected Products : ehoney
    • Published: Oct. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-42777

    Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.D... Read more

    Affected Products : reports
    • Published: Oct. 29, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-40741

    Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt service.... Read more

    Affected Products : mail_sqr_expert
    • Published: Oct. 31, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293330 Results