Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-10482

    The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.... Read more

    Affected Products : media_library_tools
    • Published: Nov. 21, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-24059

    springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.... Read more

    Affected Products : springboot-manager
    • EPSS Score: %0.13
    • Published: Feb. 01, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-22927

    Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.... Read more

    Affected Products : eyoucms
    • EPSS Score: %2.55
    • Published: Feb. 01, 2024
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2024-20977

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access ... Read more

    Affected Products : mysql oncommand_insight mysql_server
    • EPSS Score: %0.23
    • Published: Jan. 16, 2024
    • Modified: May. 15, 2025

  • 6.1

    MEDIUM
    CVE-2024-20948

    Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : knowledge_management
    • EPSS Score: %0.22
    • Published: Jan. 16, 2024
    • Modified: May. 15, 2025

  • 9.1

    CRITICAL
    CVE-2023-5841

    Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. T... Read more

    Affected Products : openexr
    • EPSS Score: %0.66
    • Published: Feb. 01, 2024
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2022-42221

    Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability.... Read more

    Affected Products : r6220_firmware r6220
    • EPSS Score: %0.64
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42171

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42170

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42169

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42168

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42167

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-42164

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.... Read more

    Affected Products : ac10_firmware ac10
    • EPSS Score: %0.17
    • Published: Oct. 17, 2022
    • Modified: May. 15, 2025

  • 6.5

    MEDIUM
    CVE-2022-42086

    Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.07
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 7.5

    HIGH
    CVE-2022-42081

    Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter.... Read more

    Affected Products : ac1206_firmware ac1206
    • EPSS Score: %0.12
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025

  • 8.8

    HIGH
    CVE-2022-41500

    EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.... Read more

    Affected Products : eyoucms
    • EPSS Score: %0.10
    • Published: Oct. 18, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-41497

    ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the pkg_url parameter at /manager/index.php.... Read more

    Affected Products : clippercms
    • EPSS Score: %0.10
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-41496

    iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.... Read more

    Affected Products : icms
    • EPSS Score: %0.11
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 9.8

    CRITICAL
    CVE-2022-41495

    ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.... Read more

    Affected Products : clippercms
    • EPSS Score: %0.12
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025

  • 8.1

    HIGH
    CVE-2022-41489

    WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component ... Read more

    • EPSS Score: %0.06
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
Showing 20 of 291739 Results