Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, or by whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-2778

    In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes....

    Affected Products : linux_kernel windows octopus_server
    • EPSS Score: %0.06
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.5

    HIGH
    CVE-2022-24373

    The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of regular expression in the parser of Colors.js....

    Affected Products : react_native_reanimated
    • EPSS Score: %0.07
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-22387

    IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

    Affected Products : application_gateway
    • EPSS Score: %0.11
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
  • 5.4

    MEDIUM
    CVE-2021-41434

    A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php....

    • EPSS Score: %0.14
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
  • 4.6

    MEDIUM
    CVE-2025-22383

    An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could con...

    Affected Products : configured_commerce
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Information Disclosure
  • 7.5

    HIGH
    CVE-2025-22384

    An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios w...

    Affected Products : configured_commerce
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authorization
  • 4.8

    MEDIUM
    CVE-2024-6797

    The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.1

    HIGH
    CVE-2024-6719

    The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.2

    MEDIUM
    CVE-2022-41848

    drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_de...

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41847

    An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp....

    Affected Products : bento4
    • EPSS Score: %0.24
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41846

    An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp....

    Affected Products : bento4
    • EPSS Score: %0.04
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41845

    An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h....

    Affected Products : bento4
    • EPSS Score: %0.03
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41844

    An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088....

    Affected Products : xpdf
    • EPSS Score: %0.04
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41843

    An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928....

    Affected Products : xpdf
    • EPSS Score: %0.07
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41842

    An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc....

    Affected Products : xpdf
    • EPSS Score: %0.27
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41841

    An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File....

    Affected Products : bento4
    • EPSS Score: %0.03
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 8.8

    HIGH
    CVE-2022-41828

    In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name....

    • EPSS Score: %47.68
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41440

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php....

    Affected Products : billing_system_project
    • EPSS Score: %0.07
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41439

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php....

    Affected Products : billing_system_project
    • EPSS Score: %0.07
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41437

    Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php....

    Affected Products : billing_system_project
    • EPSS Score: %1.28
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
Showing 20 of 292247 Results