Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-37028

    ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application.... Read more

    Affected Products : isams
    • EPSS Score: %0.12
    • Published: Sep. 27, 2022
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2022-36443

    An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.... Read more

    Affected Products : enterprise_home_screen
    • EPSS Score: %0.03
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 5.5

    MEDIUM
    CVE-2022-36442

    An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded APK.... Read more

    Affected Products : enterprise_home_screen
    • EPSS Score: %0.02
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 7.1

    HIGH
    CVE-2022-36441

    An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin.... Read more

    Affected Products : enterprise_home_screen
    • EPSS Score: %0.03
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 5.5

    MEDIUM
    CVE-2022-34910

    An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that use... Read more

    Affected Products : aremis_4_nomads
    • EPSS Score: %0.01
    • Published: Feb. 27, 2023
    • Modified: May. 30, 2025

  • 9.1

    CRITICAL
    CVE-2022-34909

    An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.... Read more

    Affected Products : aremis_4_nomads
    • EPSS Score: %0.04
    • Published: Feb. 27, 2023
    • Modified: May. 30, 2025

  • 8.2

    HIGH
    CVE-2022-34908

    An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to t... Read more

    Affected Products : aremis_4_nomads
    • EPSS Score: %0.10
    • Published: Feb. 27, 2023
    • Modified: May. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-30332

    In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers t... Read more

    Affected Products : administration_center
    • EPSS Score: %0.20
    • Published: Jan. 10, 2023
    • Modified: May. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-29931

    The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS).... Read more

    Affected Products : custom_security_manager
    • EPSS Score: %0.23
    • Published: Jun. 25, 2022
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-24967

    Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS).... Read more

    Affected Products : nimbus
    • EPSS Score: %0.27
    • Published: Jun. 02, 2022
    • Modified: May. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-24447

    An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.... Read more

    Affected Products : manageengine_key_manager_plus
    • EPSS Score: %0.50
    • Published: Mar. 02, 2022
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-24446

    An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.... Read more

    Affected Products : manageengine_key_manager_plus
    • EPSS Score: %2.01
    • Published: Mar. 01, 2022
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2021-44035

    Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.... Read more

    Affected Products : teammate_audit_management
    • EPSS Score: %0.18
    • Published: Dec. 17, 2021
    • Modified: May. 30, 2025

  • 8.1

    HIGH
    CVE-2021-43978

    Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials.... Read more

    Affected Products : allegro
    • EPSS Score: %0.22
    • Published: Dec. 08, 2021
    • Modified: May. 30, 2025

  • 5.5

    MEDIUM
    CVE-2021-42111

    An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS app version 1.4.1631262629 resolves this issue by stori... Read more

    Affected Products : openotp_token
    • EPSS Score: %0.05
    • Published: Nov. 10, 2021
    • Modified: May. 30, 2025

  • 7.8

    HIGH
    CVE-2021-42110

    An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.... Read more

    Affected Products : allegro
    • EPSS Score: %0.06
    • Published: Dec. 08, 2021
    • Modified: May. 30, 2025

  • 5.5

    MEDIUM
    CVE-2021-41320

    A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded (it can be changed during installati... Read more

    Affected Products : wallstreet_suite
    • EPSS Score: %0.06
    • Published: Oct. 15, 2021
    • Modified: May. 30, 2025

  • 8.1

    HIGH
    CVE-2021-38618

    In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.... Read more

    Affected Products : workforce_management
    • EPSS Score: %0.26
    • Published: Oct. 04, 2021
    • Modified: May. 30, 2025

  • 8.8

    HIGH
    CVE-2021-38617

    In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation.... Read more

    Affected Products : natural_language_processing
    • EPSS Score: %0.88
    • Published: Sep. 07, 2021
    • Modified: May. 30, 2025

  • 8.8

    HIGH
    CVE-2021-38616

    In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users'... Read more

    Affected Products : natural_language_processing
    • EPSS Score: %0.90
    • Published: Sep. 07, 2021
    • Modified: May. 30, 2025
Showing 20 of 291878 Results