Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-29505

    An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.... Read more

    • EPSS Score: %0.28
    • Published: Aug. 04, 2023
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-28152

    An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.... Read more

    Affected Products : jword
    • EPSS Score: %0.04
    • Published: Mar. 24, 2023
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-28151

    An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.... Read more

    Affected Products : jspreadsheet
    • EPSS Score: %0.04
    • Published: Mar. 24, 2023
    • Modified: May. 30, 2025

  • 9.8

    CRITICAL
    CVE-2023-28150

    An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.... Read more

    Affected Products : jodf
    • EPSS Score: %0.04
    • Published: Mar. 24, 2023
    • Modified: May. 30, 2025

  • 7.1

    HIGH
    CVE-2023-26099

    An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure.... Read more

    Affected Products : apsal
    • EPSS Score: %0.03
    • Published: Apr. 24, 2023
    • Modified: May. 30, 2025

  • 8.2

    HIGH
    CVE-2023-26098

    An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code.... Read more

    Affected Products : apsal
    • EPSS Score: %0.04
    • Published: Apr. 25, 2023
    • Modified: May. 30, 2025

  • 8.4

    HIGH
    CVE-2023-26097

    An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked.... Read more

    Affected Products : apsal
    • EPSS Score: %0.02
    • Published: Apr. 24, 2023
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-45167

    An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users.... Read more

    Affected Products : archibus_web_central web_central
    • EPSS Score: %0.09
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-45166

    An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to thei... Read more

    Affected Products : archibus_web_central web_central
    • EPSS Score: %0.06
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 8.8

    HIGH
    CVE-2022-45165

    An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.... Read more

    Affected Products : web_central
    • EPSS Score: %0.06
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-45164

    An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking... Read more

    Affected Products : archibus_web_central web_central
    • EPSS Score: %0.04
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-38482

    A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.... Read more

    Affected Products : hopex
    • EPSS Score: %0.30
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-38481

    An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features.... Read more

    Affected Products : hopex
    • EPSS Score: %0.51
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-37028

    ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application.... Read more

    Affected Products : isams
    • EPSS Score: %0.12
    • Published: Sep. 27, 2022
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2022-36443

    An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.... Read more

    Affected Products : enterprise_home_screen
    • EPSS Score: %0.03
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 5.5

    MEDIUM
    CVE-2022-36442

    An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded APK.... Read more

    Affected Products : enterprise_home_screen
    • EPSS Score: %0.02
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 7.1

    HIGH
    CVE-2022-36441

    An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin.... Read more

    Affected Products : enterprise_home_screen
    • EPSS Score: %0.03
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 5.5

    MEDIUM
    CVE-2022-34910

    An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that use... Read more

    Affected Products : aremis_4_nomads
    • EPSS Score: %0.01
    • Published: Feb. 27, 2023
    • Modified: May. 30, 2025

  • 9.1

    CRITICAL
    CVE-2022-34909

    An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.... Read more

    Affected Products : aremis_4_nomads
    • EPSS Score: %0.04
    • Published: Feb. 27, 2023
    • Modified: May. 30, 2025

  • 8.2

    HIGH
    CVE-2022-34908

    An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to t... Read more

    Affected Products : aremis_4_nomads
    • EPSS Score: %0.10
    • Published: Feb. 27, 2023
    • Modified: May. 30, 2025
Showing 20 of 291871 Results