Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2023-37528

    A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. ... Read more

    Affected Products : bigfix_platform
    • Published: Feb. 03, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2023-37527

    A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering c... Read more

    Affected Products : bigfix_platform
    • Published: Feb. 02, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-37523

    Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. ... Read more

    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-34042

    The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732:... Read more

    • Published: Feb. 05, 2024
    • Modified: Jun. 03, 2025

  • 5.5

    MEDIUM
    CVE-2023-31002

    IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657.... Read more

    • Published: Feb. 07, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2022-40713

    An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.... Read more

    Affected Products : 1350_optical_management_system
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2022-40712

    An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.... Read more

    Affected Products : 1350_optical_management_system
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2022-38833

    School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=.... Read more

    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2022-38832

    School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=.... Read more

    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 8.8

    HIGH
    CVE-2022-38577

    ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.... Read more

    Affected Products : processmaker
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-23767

    This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining pr... Read more

    Affected Products : windows securegate weblink
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2021-42949

    The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.... Read more

    Affected Products : hoteldruid
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2024-23388

    Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of ... Read more

    Affected Products : mercari
    • Published: Jan. 26, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-38317

    An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.... Read more

    Affected Products : opennds
    • Published: Jan. 26, 2024
    • Modified: Jun. 03, 2025

  • 9.1

    CRITICAL
    CVE-2022-39008

    The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-39007

    The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.... Read more

    Affected Products : emui harmonyos
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2022-39001

    The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-38887

    The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-python
    • Published: Sep. 19, 2022
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2022-38878

    School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=.... Read more

    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2022-38877

    Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.... Read more

    Affected Products : garage_management_system
    • Published: Sep. 16, 2022
    • Modified: Jun. 03, 2025
Showing 20 of 292786 Results