Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-42238

    A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.... Read more

    Affected Products : merchandise_online_store
    • EPSS Score: %0.10
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-42236

    A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.... Read more

    Affected Products : merchandise_online_store
    • EPSS Score: %0.11
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-42037

    The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-asns
    • EPSS Score: %0.13
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 8.8

    HIGH
    CVE-2022-42034

    Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.57
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41387

    The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-pdfs
    • EPSS Score: %0.13
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41386

    The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-utility
    • EPSS Score: %0.13
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41382

    The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-json
    • EPSS Score: %0.13
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41381

    The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-utility
    • EPSS Score: %0.33
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41380

    The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-yaml
    • EPSS Score: %0.33
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 6.1

    MEDIUM
    CVE-2022-41376

    Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function.... Read more

    Affected Products : metro_ui
    • EPSS Score: %0.12
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.2

    MEDIUM
    CVE-2022-41210

    SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain ... Read more

    Affected Products : customer_data_cloud
    • EPSS Score: %0.18
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-41202

    Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be trigger... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %2.07
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-41189

    Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be trigger... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %2.07
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-32175

    In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying ... Read more

    Affected Products : adguardhome
    • EPSS Score: %0.05
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 2.7

    LOW
    CVE-2025-27192

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vul... Read more

    Affected Products : commerce magento commerce_b2b
    • Published: Apr. 08, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authentication

  • 5.5

    MEDIUM
    CVE-2023-42113

    PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: May. 03, 2024
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-42112

    PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: May. 03, 2024
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2023-42111

    PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this ... Read more

    • Published: May. 03, 2024
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-42110

    PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl... Read more

    • Published: May. 03, 2024
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2023-39485

    PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this... Read more

    • Published: May. 03, 2024
    • Modified: May. 20, 2025
Showing 20 of 292316 Results