Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-40407

    A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.... Read more

    Affected Products : chamilo_lms chamilo
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 7.2

    HIGH
    CVE-2022-40048

    Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.... Read more

    Affected Products : flatpress
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 6.5

    MEDIUM
    CVE-2022-3287

    When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.... Read more

    Affected Products : fwupd
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 7.5

    HIGH
    CVE-2022-3215

    NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in so... Read more

    Affected Products : swiftnio
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 7.5

    HIGH
    CVE-2022-39173

    In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Cli... Read more

    Affected Products : wolfssl
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 6.1

    MEDIUM
    CVE-2022-37461

    Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the ... Read more

    Affected Products : medical_vitrea_view
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 6.5

    MEDIUM
    CVE-2022-35888

    Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.... Read more

    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-35137

    DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.... Read more

    Affected Products : dgiot
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-33880

    hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.... Read more

    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 7.5

    HIGH
    CVE-2019-5797

    Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-34441

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to t... Read more

    • Published: Jan. 11, 2023
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-34440

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to th... Read more

    • Published: Jan. 11, 2023
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-34442

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to ... Read more

    • Published: Jan. 18, 2023
    • Modified: May. 20, 2025

  • 8.4

    HIGH
    CVE-2022-34462

    Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin priv... Read more

    • Published: Jan. 18, 2023
    • Modified: May. 20, 2025

  • 5.9

    MEDIUM
    CVE-2023-39252

    Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. ... Read more

    • Published: Sep. 21, 2023
    • Modified: May. 20, 2025

  • 5.9

    MEDIUM
    CVE-2025-22385

    An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect dat... Read more

    Affected Products : configured_commerce
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authentication

  • 7.3

    HIGH
    CVE-2025-22386

    An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out ... Read more

    Affected Products : configured_commerce
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authentication

  • 5.7

    MEDIUM
    CVE-2025-22388

    An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising... Read more

    Affected Products : optimizely_cms
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.0

    HIGH
    CVE-2025-22389

    An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, includ... Read more

    Affected Products : optimizely_cms
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Misconfiguration

  • 7.5

    HIGH
    CVE-2025-22390

    An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum l... Read more

    Affected Products : optimizely_cms
    • Published: Jan. 04, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authentication
Showing 20 of 292812 Results