Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-42067

    Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability... Read more

    • EPSS Score: %0.07
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 6.1

    MEDIUM
    CVE-2022-42066

    Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php.... Read more

    • EPSS Score: %0.11
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-42064

    Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell.... Read more

    • EPSS Score: %0.02
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 3.4

    LOW
    CVE-2022-41598

    The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.01
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.5

    HIGH
    CVE-2022-41589

    The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.11
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 8.8

    HIGH
    CVE-2022-41538

    Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : wedding_planner
    • EPSS Score: %0.15
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2022-41536

    Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2022-41535

    Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_borrower.php.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 9.1

    CRITICAL
    CVE-2022-41477

    A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.... Read more

    Affected Products : webid
    • EPSS Score: %0.12
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 9.1

    CRITICAL
    CVE-2022-41436

    An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html.... Read more

    Affected Products : tp50_firmware tp50
    • EPSS Score: %0.26
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2022-41416

    Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /user/update_booking.php.... Read more

    • EPSS Score: %0.09
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.8

    HIGH
    CVE-2022-41308

    A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in t... Read more

    Affected Products : subassembly_composer
    • EPSS Score: %0.07
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.8

    HIGH
    CVE-2022-41307

    A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in t... Read more

    Affected Products : subassembly_composer
    • EPSS Score: %0.29
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.8

    HIGH
    CVE-2022-41306

    A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the con... Read more

    Affected Products : design_review
    • EPSS Score: %0.07
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.8

    HIGH
    CVE-2022-41304

    An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.... Read more

    Affected Products : fbx_software_development_kit
    • EPSS Score: %0.05
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.8

    HIGH
    CVE-2022-41303

    A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arb... Read more

    Affected Products : fbx_software_development_kit
    • EPSS Score: %0.08
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 7.8

    HIGH
    CVE-2022-41302

    An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code exe... Read more

    Affected Products : fbx_software_development_kit
    • EPSS Score: %0.05
    • Published: Oct. 14, 2022
    • Modified: May. 14, 2025

  • 6.1

    MEDIUM
    CVE-2022-3149

    The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisat... Read more

    Affected Products : wp_custom_cursors
    • EPSS Score: %0.08
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 4.8

    MEDIUM
    CVE-2022-3139

    The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for... Read more

    Affected Products : we\'re_open
    • EPSS Score: %0.09
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 7.2

    HIGH
    CVE-2022-3131

    The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users... Read more

    Affected Products : search_logger
    • EPSS Score: %0.27
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025
Showing 20 of 291717 Results