Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2022-41828

    In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name....

    • EPSS Score: 47.68%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41440

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php....

    Affected Products : billing_system_project
    • EPSS Score: 0.07%
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41439

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php....

    Affected Products : billing_system_project
    • EPSS Score: 0.07%
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41437

    Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php....

    Affected Products : billing_system_project
    • EPSS Score: 1.28%
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-40887

    SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection....

    • EPSS Score: 0.43%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 6.1

    MEDIUM
    CVE-2022-40879

    kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'...

    Affected Products : kkfileview
    • EPSS Score: 20.41%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 8.0

    HIGH
    CVE-2022-40472

    ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field o...

    Affected Products : zkbio_time
    • EPSS Score: 0.13%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 8.8

    HIGH
    CVE-2022-40407

    A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file....

    Affected Products : chamilo_lms chamilo
    • EPSS Score: 1.17%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-40048

    Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function....

    Affected Products : flatpress
    • EPSS Score: 1.82%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 6.5

    MEDIUM
    CVE-2022-3287

    When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file....

    Affected Products : fwupd
    • EPSS Score: 0.10%
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
  • 7.5

    HIGH
    CVE-2022-3215

    NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in so...

    Affected Products : swiftnio
    • EPSS Score: 0.08%
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
  • 7.5

    HIGH
    CVE-2022-39173

    In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Cli...

    Affected Products : wolfssl
    • EPSS Score: 1.51%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 6.1

    MEDIUM
    CVE-2022-37461

    Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the ...

    Affected Products : medical_vitrea_view
    • EPSS Score: 1.29%
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 6.5

    MEDIUM
    CVE-2022-35888

    Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system....

    • EPSS Score: 0.38%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 5.4

    MEDIUM
    CVE-2022-35137

    DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities....

    Affected Products : dgiot
    • EPSS Score: 0.15%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-33880

    hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter....

    • EPSS Score: 0.08%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 7.5

    HIGH
    CVE-2019-5797

    Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

    Affected Products : chrome
    • EPSS Score: 3.11%
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-34441

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to t...

    • EPSS Score: 0.07%
    • Published: Jan. 11, 2023
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-34440

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to th...

    • EPSS Score: 0.13%
    • Published: Jan. 11, 2023
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-34442

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to ...

    • EPSS Score: 0.06%
    • Published: Jan. 18, 2023
    • Modified: May. 20, 2025
Showing 20 of 292650 Results