Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2024-6393

    The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltere...

    Affected Products : nextgen_gallery
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025
  • 7.8

    HIGH
    CVE-2025-1683

    Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links....

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Path Traversal
  • 3.3

    LOW
    CVE-2024-23217

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences....

    Affected Products : macos iphone_os watchos ipados
    • EPSS Score: 0.01%
    • Published: Jan. 23, 2024
    • Modified: May. 15, 2025
  • 6.5

    MEDIUM
    CVE-2024-23206

    An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerpri...

    Affected Products : macos iphone_os tvos watchos safari ipados
    • EPSS Score: 0.48%
    • Published: Jan. 23, 2024
    • Modified: May. 15, 2025
  • 4.3

    MEDIUM
    CVE-2024-0809

    Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)...

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: 0.02%
    • Published: Jan. 24, 2024
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2022-42156

    D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings....

    • EPSS Score: 1.92%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 8.1

    HIGH
    CVE-2022-41674

    An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c....

    Affected Products : linux_kernel fedora debian_linux
    • EPSS Score: 0.17%
    • Published: Oct. 14, 2022
    • Modified: May. 15, 2025
  • 8.1

    HIGH
    CVE-2022-41541

    TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user....

    Affected Products : ax10_firmware ax10
    • EPSS Score: 0.55%
    • Published: Oct. 18, 2022
    • Modified: May. 15, 2025
  • 5.9

    MEDIUM
    CVE-2022-41540

    The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obta...

    Affected Products : ax10_firmware ax10
    • EPSS Score: 3.24%
    • Published: Oct. 18, 2022
    • Modified: May. 15, 2025
  • 7.2

    HIGH
    CVE-2022-41537

    Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file....

    • EPSS Score: 0.11%
    • Published: Oct. 18, 2022
    • Modified: May. 15, 2025
  • 7.2

    HIGH
    CVE-2022-41534

    Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file....

    • EPSS Score: 0.11%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 7.2

    HIGH
    CVE-2022-41533

    Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file....

    • EPSS Score: 0.11%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 7.2

    HIGH
    CVE-2022-41504

    An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file....

    Affected Products : billing_system
    • EPSS Score: 0.10%
    • Published: Oct. 18, 2022
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2022-41475

    RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account....

    Affected Products : rpcms
    • EPSS Score: 0.16%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 6.5

    MEDIUM
    CVE-2022-41474

    RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account....

    Affected Products : rpcms
    • EPSS Score: 0.11%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 6.1

    MEDIUM
    CVE-2022-41473

    RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function....

    Affected Products : rpcms
    • EPSS Score: 28.91%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-41391

    OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php....

    Affected Products : ocomon
    • EPSS Score: 0.08%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-41390

    OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php....

    Affected Products : ocomon
    • EPSS Score: 0.08%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 6.1

    MEDIUM
    CVE-2022-41351

    In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10)....

    Affected Products : collaboration
    • EPSS Score: 0.44%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
  • 6.1

    MEDIUM
    CVE-2022-41350

    In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine....

    Affected Products : collaboration
    • EPSS Score: 0.44%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
Showing 20 of 291712 Results