Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-46996

    vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as esc...

    Affected Products : vsphere_selfuse
    • Published: Dec. 14, 2022
    • Modified: Apr. 21, 2025
  • 9.8

    CRITICAL
    CVE-2025-30131

    An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges...

    Affected Products :
    • Published: Jun. 26, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2021-39426

    An issue discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary PHP code via the notify1 parameter when the action parameter equals set....

    Affected Products : seacms
    • Published: Dec. 15, 2022
    • Modified: Apr. 21, 2025
  • 9.8

    CRITICAL
    CVE-2022-42529

    Product: Android; Versions: Android kernel; Android ID: A-235292841; References: N/A...

    Affected Products : android
    • Published: Dec. 16, 2022
    • Modified: Apr. 17, 2025
  • 9.8

    CRITICAL
    CVE-2025-28970

    Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic allows Object Injection. This issue affects WP Optimize By xTraffic: from n/a through 5.1.6....

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2022-4566

    A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch...

    Affected Products : ruoyi
    • Published: Dec. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-31650

    A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter....

    Affected Products : online_grading_system
    • Published: Dec. 16, 2022
    • Modified: Apr. 21, 2025
  • 9.8

    CRITICAL
    CVE-2021-4248

    A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be lau...

    Affected Products : kapetan_dns
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-4606

    PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3....

    Affected Products : flatpress
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-44752

    HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vuln...

    Affected Products : domino
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025
  • 9.8

    CRITICAL
    CVE-2022-44754

    HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is d...

    Affected Products : domino
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025
  • 9.8

    CRITICAL
    CVE-2020-36618

    A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It i...

    Affected Products : node_whois
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-4259

    A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string...

    Affected Products : phpredisadmin
    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-28173

    The web server of some Hikvision wireless bridge products has an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices....

    • Published: Dec. 19, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2025-6777

    A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file /admin/process_login.php. The manipulation of the argument username/password leads to sql ...

    Affected Products : food_distributor_site
    • Published: Jun. 27, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2022-44108

    pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc....

    Affected Products : pdftojson
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025
  • 9.8

    CRITICAL
    CVE-2022-44109

    pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int)....

    Affected Products : pdftojson
    • Published: Dec. 19, 2022
    • Modified: Apr. 17, 2025
  • 9.8

    CRITICAL
    CVE-2022-23542

    OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This i...

    Affected Products : openfga
    • Published: Dec. 20, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-47926

    AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php...

    Affected Products : ayacms
    • Published: Dec. 22, 2022
    • Modified: Apr. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-4686

    Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0....

    Affected Products : memos
    • Published: Dec. 23, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294287 Results