Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2022-33646

    Azure Batch Node Agent Elevation of Privilege Vulnerability... Read more

    Affected Products : azure_batch
    • Published: Aug. 09, 2022
    • Modified: Jun. 05, 2025

  • 7.8

    HIGH
    CVE-2022-33640

    System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 05, 2025

  • 7.3

    HIGH
    CVE-2022-33631

    Microsoft Excel Security Feature Bypass Vulnerability... Read more

    • Published: Aug. 09, 2022
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2022-32555

    Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur.... Read more

    Affected Products : data_exchange_management_studio
    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025

  • 7.1

    HIGH
    CVE-2022-2989

    An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are use... Read more

    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-2669

    The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : wp_taxonomy_import
    • Published: Sep. 16, 2022
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-2654

    The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a paramet... Read more

    • Published: Sep. 16, 2022
    • Modified: Jun. 05, 2025

  • 7.8

    HIGH
    CVE-2022-20392

    In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrad... Read more

    Affected Products : android
    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-20389

    Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004... Read more

    Affected Products : android
    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-20388

    Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323... Read more

    Affected Products : android
    • Published: Sep. 13, 2022
    • Modified: Jun. 05, 2025

  • 7.8

    HIGH
    CVE-2024-22919

    swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.... Read more

    Affected Products : swftools
    • Published: Jan. 19, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-22851

    Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.... Read more

    Affected Products : liveconfig
    • Published: Feb. 02, 2024
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2024-22817

    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte... Read more

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 05, 2025

  • 8.1

    HIGH
    CVE-2024-22773

    Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.... Read more

    • Published: Feb. 06, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-22548

    FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.... Read more

    Affected Products : flycms
    • Published: Jan. 18, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-22496

    Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.... Read more

    Affected Products : jfinalcms
    • Published: Jan. 23, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-22491

    A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.... Read more

    Affected Products : beetl-bbs
    • Published: Jan. 16, 2024
    • Modified: Jun. 05, 2025

  • 5.5

    MEDIUM
    CVE-2024-22365

    linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.... Read more

    Affected Products : linux-pam
    • Published: Feb. 06, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-22108

    An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Ad... Read more

    Affected Products : gtb_central_console
    • Published: Feb. 02, 2024
    • Modified: Jun. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-22075

    Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.... Read more

    Affected Products : firefly_iii
    • Published: Jan. 05, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 292803 Results