Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2023-49493

    DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php....

    Affected Products : dedecms
    • EPSS Score: %0.24
    • Published: Dec. 07, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2023-49437

    Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList....

    Affected Products : ax12_firmware ax12
    • EPSS Score: %1.98
    • Published: Dec. 07, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2023-49404

    Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet....

    Affected Products : w30e_firmware w30e
    • EPSS Score: %0.12
    • Published: Dec. 07, 2023
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2023-49246

    Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality....

    Affected Products : emui harmonyos
    • EPSS Score: %0.10
    • Published: Dec. 06, 2023
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2023-48834

    A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion....

    Affected Products : car_rental_script
    • EPSS Score: %0.17
    • Published: Dec. 07, 2023
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2023-46307

    An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating sys...

    Affected Products : etcd_browser
    • EPSS Score: %0.49
    • Published: Dec. 07, 2023
    • Modified: May. 28, 2025
  • 4.3

    MEDIUM
    CVE-2023-45210

    Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access....

    Affected Products : pleasanter
    • EPSS Score: %0.19
    • Published: Dec. 06, 2023
    • Modified: May. 28, 2025
  • 8.2

    HIGH
    CVE-2023-43304

    An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token....

    Affected Products : line
    • EPSS Score: %0.20
    • Published: Dec. 07, 2023
    • Modified: May. 28, 2025
  • 7.5

    HIGH
    CVE-2023-41835

    When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6....

    Affected Products : struts
    • EPSS Score: %0.20
    • Published: Dec. 05, 2023
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2023-40301

    NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability....

    Affected Products : ngeniuspulse
    • EPSS Score: %0.84
    • Published: Dec. 07, 2023
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2022-41228

    A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials....

    • EPSS Score: %0.15
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 8.8

    HIGH
    CVE-2022-41227

    A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials....

    • EPSS Score: %0.09
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-41226

    Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks....

    Affected Products : compuware_common_configuration
    • EPSS Score: %0.49
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 5.4

    MEDIUM
    CVE-2022-41225

    Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore ...

    Affected Products : anchore_container_image_scanner
    • EPSS Score: %7.56
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 5.4

    MEDIUM
    CVE-2022-41224

    Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control to...

    Affected Products : jenkins
    • EPSS Score: %1.24
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 7.0

    HIGH
    CVE-2022-41222

    mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move....

    • EPSS Score: %0.01
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 5.5

    MEDIUM
    CVE-2022-41218

    In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release....

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.40
    • Published: Sep. 21, 2022
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-40357

    A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side Request Forgery (SSRF) vulnerability in the zb_users/plugin/UEditor/php/action_crawler.php file allows remote attackers to force the application to make arbitrary requests via injection ...

    Affected Products : z-blogphp
    • EPSS Score: %2.66
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-40009

    SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c....

    Affected Products : swftools
    • EPSS Score: %0.32
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-40008

    SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c....

    Affected Products : swftools
    • EPSS Score: %0.44
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025
Showing 20 of 291756 Results