Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2024-6719

    The Offload Videos WordPress plugin before 1.0.1 does not have a CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack...

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.2

    MEDIUM
    CVE-2022-41848

    drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_de...

    Affected Products : linux_kernel
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41847

    An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp....

    Affected Products : bento4
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41846

    An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp....

    Affected Products : bento4
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41845

    An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h....

    Affected Products : bento4
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41844

    An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088....

    Affected Products : xpdf
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41843

    An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928....

    Affected Products : xpdf
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41842

    An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc....

    Affected Products : xpdf
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 5.5

    MEDIUM
    CVE-2022-41841

    An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File....

    Affected Products : bento4
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 8.8

    HIGH
    CVE-2022-41828

    In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name....

    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41440

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php....

    Affected Products : billing_system_project
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41439

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php....

    Affected Products : billing_system_project
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-41437

    Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php....

    Affected Products : billing_system_project
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-40887

    SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection....

    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 6.1

    MEDIUM
    CVE-2022-40879

    kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'...

    Affected Products : kkfileview
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 8.0

    HIGH
    CVE-2022-40472

    ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field o...

    Affected Products : zkbio_time
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 8.8

    HIGH
    CVE-2022-40407

    A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file....

    Affected Products : chamilo_lms chamilo
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 7.2

    HIGH
    CVE-2022-40048

    Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function....

    Affected Products : flatpress
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
  • 6.5

    MEDIUM
    CVE-2022-3287

    When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file....

    Affected Products : fwupd
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
  • 7.5

    HIGH
    CVE-2022-3215

    NIOHTTP1 and projects using it for generating HTTP responses can be subject to an HTTP Response Injection attack. This occurs when an HTTP/1.1 server accepts user generated input from an incoming request and reflects it into an HTTP/1.1 response header in so...

    Affected Products : swiftnio
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025
Showing 20 of 292768 Results