Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2022-41541

    TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.

    Affected Products : ax10_firmware ax10
    • EPSS Score: 0.55%
    • Published: Oct. 18, 2022
    • Modified: May. 15, 2025
  • 5.9

    MEDIUM
    CVE-2022-41540

    The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obta...

    Affected Products : ax10_firmware ax10
    • EPSS Score: 3.24%
    • Published: Oct. 18, 2022
    • Modified: May. 15, 2025
  • 7.2

    HIGH
    CVE-2022-41537

    Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

    • EPSS Score: 0.11%
    • Published: Oct. 18, 2022
    • Modified: May. 15, 2025
  • 7.2

    HIGH
    CVE-2022-41534

    Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

    • EPSS Score: 0.11%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 7.2

    HIGH
    CVE-2022-41533

    Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

    • EPSS Score: 0.11%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 7.2

    HIGH
    CVE-2022-41504

    An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

    Affected Products : billing_system
    • EPSS Score: 0.10%
    • Published: Oct. 18, 2022
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2022-41475

    RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.

    Affected Products : rpcms
    • EPSS Score: 0.16%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 6.5

    MEDIUM
    CVE-2022-41474

    RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.

    Affected Products : rpcms
    • EPSS Score: 0.11%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 6.1

    MEDIUM
    CVE-2022-41473

    RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.

    Affected Products : rpcms
    • EPSS Score: 28.91%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-41391

    OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.

    Affected Products : ocomon
    • EPSS Score: 0.08%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-41390

    OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.

    Affected Products : ocomon
    • EPSS Score: 0.08%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
  • 6.1

    MEDIUM
    CVE-2022-41351

    In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).

    Affected Products : collaboration
    • EPSS Score: 0.44%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
  • 6.1

    MEDIUM
    CVE-2022-41350

    In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

    Affected Products : collaboration
    • EPSS Score: 0.44%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
  • 6.1

    MEDIUM
    CVE-2022-41349

    In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

    Affected Products : collaboration
    • EPSS Score: 0.38%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
  • 6.1

    MEDIUM
    CVE-2022-41348

    An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure.

    Affected Products : collaboration
    • EPSS Score: 0.44%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
  • 5.3

    MEDIUM
    CVE-2022-41316

    HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieve...

    Affected Products : vault
    • EPSS Score: 0.10%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-40871

    Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

    Affected Products : dolibarr_erp/crm
    • EPSS Score: 78.76%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
  • 9.8

    CRITICAL
    CVE-2022-40664

    Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.

    Affected Products : shiro
    • EPSS Score: 0.52%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
  • 8.8

    HIGH
    CVE-2022-40469

    iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.

    Affected Products : ikuaios
    • EPSS Score: 4.21%
    • Published: Oct. 12, 2022
    • Modified: May. 15, 2025
  • 8.0

    HIGH
    CVE-2022-40187

    Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user...

    • EPSS Score: 0.04%
    • Published: Oct. 13, 2022
    • Modified: May. 15, 2025
Showing 20 of 291722 Results