Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-3023

    Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.... Read more

    Affected Products : tidb
    • Published: Nov. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125050

    A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983... Read more

    Affected Products : voter-js
    • Published: Jan. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-39352

    OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard... Read more

    Affected Products : openfga
    • Published: Nov. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-125051

    A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to... Read more

    Affected Products : yii2-jqgrid-widget
    • Published: Jan. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-34824

    Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earl... Read more

    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44551

    The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.... Read more

    Affected Products : emui harmonyos
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44562

    The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.... Read more

    Affected Products : emui harmonyos
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-44088

    ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION.... Read more

    Affected Products : espcms
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-39073

    There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands.... Read more

    Affected Products : mf286r_firmware mf286r
    • Published: Jan. 06, 2023
    • Modified: Apr. 10, 2025

  • 9.8

    CRITICAL
    CVE-2022-43074

    AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : ayacms
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-3939

    A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. ... Read more

    Affected Products : ferry
    • Published: Nov. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-26845

    Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.... Read more

    • Published: Nov. 11, 2022
    • Modified: Feb. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-36938

    DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.... Read more

    Affected Products : redex
    • Published: Nov. 11, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-3956

    A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotel... Read more

    Affected Products : hhims
    • Published: Nov. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-42058

    Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.... Read more

    Affected Products : w15e_firmware w15e
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-24942

    Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request. ... Read more

    • Published: Nov. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-44006

    An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote... Read more

    Affected Products : backclick
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-45474

    drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.... Read more

    Affected Products : drachtio-server
    • Published: Nov. 18, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-4070

    Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.... Read more

    Affected Products : librenms
    • Published: Nov. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-24649

    The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having ac... Read more

    Affected Products : wp_user_frontend
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 293651 Results