Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-40604

    In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.... Read more

    Affected Products : airflow
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2022-39975

    The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "C... Read more

    Affected Products : liferay_portal dxp
    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-38928

    XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.... Read more

    Affected Products : xpdf
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-37877

    A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance ... Read more

    Affected Products : macos clearpass_policy_manager
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-37246

    Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.... Read more

    Affected Products : craft_cms
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-37026

    In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.... Read more

    Affected Products : erlang\/otp
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 5.5

    MEDIUM
    CVE-2022-35085

    SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.... Read more

    Affected Products : swftools
    • Published: Sep. 21, 2022
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2022-32882

    This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences.... Read more

    Affected Products : macos
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 5.3

    MEDIUM
    CVE-2022-32861

    A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address.... Read more

    Affected Products : macos safari
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2022-32211

    A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.... Read more

    Affected Products : rocket.chat
    • Published: Sep. 23, 2022
    • Modified: May. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-28978

    Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service... Read more

    • Published: Sep. 22, 2022
    • Modified: May. 27, 2025

  • 7.8

    HIGH
    CVE-2022-28637

    A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard... Read more

    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 8.8

    HIGH
    CVE-2022-23685

    A vulnerability in the ClearPass Policy Manager web-based management interface exists which exposes some endpoints to a lack of Cross-Site Request Forgery (CSRF) protection. This could allow a remote unauthenticated attacker to execute arbitrary input aga... Read more

    Affected Products : clearpass_policy_manager
    • Published: Sep. 20, 2022
    • Modified: May. 27, 2025

  • 4.8

    MEDIUM
    CVE-2024-46333

    An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function.... Read more

    Affected Products : piwigo
    • Published: Sep. 27, 2024
    • Modified: May. 27, 2025

  • 7.6

    HIGH
    CVE-2024-46510

    ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface... Read more

    Affected Products : cdg
    • Published: Sep. 30, 2024
    • Modified: May. 27, 2025

  • 6.3

    MEDIUM
    CVE-2024-46485

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate... Read more

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Sep. 25, 2024
    • Modified: May. 27, 2025

  • 4.7

    MEDIUM
    CVE-2024-46600

    dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31... Read more

    Affected Products : dingfanzu dingfanzu_cms
    • Published: Sep. 25, 2024
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-46632

    Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.... Read more

    Affected Products : assimp
    • Published: Sep. 26, 2024
    • Modified: May. 27, 2025

  • 9.8

    CRITICAL
    CVE-2025-3045

    A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads to sql injection... Read more

    • Published: Apr. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-30849

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.0.... Read more

    Affected Products : essential_real_estate
    • Published: Apr. 01, 2025
    • Modified: May. 27, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293254 Results