Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2024-25652

    In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessi... Read more

    Affected Products : secret_server
    • Published: Mar. 14, 2024
    • Modified: May. 20, 2025

  • 7.7

    HIGH
    CVE-2024-21538

    Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a ver... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: May. 20, 2025

  • 2.0

    LOW
    CVE-2024-12014

    Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers.... Read more

    Affected Products :
    • Published: Dec. 20, 2024
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2023-52623

    In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running pNFS: [ 57.202521] ============================= [ 5... Read more

    Affected Products : linux_kernel
    • Published: Mar. 26, 2024
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-42717

    An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in ... Read more

    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-41851

    A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerabil... Read more

    Affected Products : jt_open_toolkit simcenter_femap
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41385

    The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-html
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41384

    The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-domains
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41383

    The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-archives
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.2

    MEDIUM
    CVE-2022-41209

    SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be suscept... Read more

    Affected Products : customer_data_cloud
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-41206

    SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful explo... Read more

    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-40872

    An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode.... Read more

    Affected Products : simple_e-learning_system
    • Published: Oct. 07, 2022
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-33888

    A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the cont... Read more

    • Published: Oct. 03, 2022
    • Modified: May. 20, 2025

  • 5.3

    MEDIUM
    CVE-2025-27191

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass secu... Read more

    • Published: Apr. 08, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-36963

    In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when acc... Read more

    Affected Products : linux_kernel
    • Published: Jun. 03, 2024
    • Modified: May. 20, 2025

  • 7.5

    HIGH
    CVE-2022-42731

    mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.... Read more

    Affected Products : django-mfa2
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 8.8

    HIGH
    CVE-2022-42238

    A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.... Read more

    Affected Products : merchandise_online_store
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-42236

    A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.... Read more

    Affected Products : merchandise_online_store
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-42037

    The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-asns
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 8.8

    HIGH
    CVE-2022-42034

    Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.... Read more

    Affected Products : wedding_planner
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025
Showing 20 of 292803 Results