Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-2377

    A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scriptin... Read more

    • Published: Mar. 17, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-1607

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id leads to authori... Read more

    Affected Products : best_employee_management_system
    • Published: Feb. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2025-1587

    A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects the function addrecords of the file main.cpp of the component Add New Record. The manipulation of the argument name/phonen... Read more

    Affected Products : telecom_billing_management_system
    • Published: Feb. 23, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-42154

    An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : 74cmsse
    • EPSS Score: %0.12
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-42149

    kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.... Read more

    Affected Products : kkfileview
    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 6.1

    MEDIUM
    CVE-2022-42147

    kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.... Read more

    Affected Products : kkfileview
    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2022-42143

    Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /sacco_shield/manage_payment.php.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2022-42142

    Online Tours & Travels Management System v1.0 is vulnerable to Arbitrary code execution via ip/tour/admin/operations/update_settings.php.... Read more

    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 8.8

    HIGH
    CVE-2022-42029

    Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.... Read more

    Affected Products : chamilo_lms chamilo
    • EPSS Score: %0.21
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41594

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41593

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41592

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.5

    HIGH
    CVE-2022-41588

    The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.08
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.5

    HIGH
    CVE-2022-41586

    The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.12
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-41580

    The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.14
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-41578

    The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.14
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2022-41472

    74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.... Read more

    Affected Products : 74cmsse
    • EPSS Score: %0.10
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 6.5

    MEDIUM
    CVE-2022-41471

    74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account.... Read more

    Affected Products : 74cmsse
    • EPSS Score: %0.08
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2022-41431

    xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.... Read more

    Affected Products : xzs
    • EPSS Score: %0.18
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 5.4

    MEDIUM
    CVE-2022-41139

    MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.... Read more

    Affected Products : caldera caldera
    • EPSS Score: %0.11
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025
Showing 20 of 291773 Results