Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-41383

    The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-archives
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.2

    MEDIUM
    CVE-2022-41209

    SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be suscept... Read more

    Affected Products : customer_data_cloud
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-41206

    SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful explo... Read more

    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-40872

    An SQL injection vulnerability issue was discovered in Sourcecodester Simple E-Learning System 1.0., in /vcs/classRoom.php?classCode=, classCode.... Read more

    Affected Products : simple_e-learning_system
    • Published: Oct. 07, 2022
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-33888

    A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the cont... Read more

    • Published: Oct. 03, 2022
    • Modified: May. 20, 2025

  • 5.3

    MEDIUM
    CVE-2025-27191

    Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass secu... Read more

    • Published: Apr. 08, 2025
    • Modified: May. 20, 2025
    • Vuln Type: Authorization

  • 7.8

    HIGH
    CVE-2024-36963

    In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when acc... Read more

    Affected Products : linux_kernel
    • Published: Jun. 03, 2024
    • Modified: May. 20, 2025

  • 7.5

    HIGH
    CVE-2022-42731

    mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.... Read more

    Affected Products : django-mfa2
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 8.8

    HIGH
    CVE-2022-42238

    A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard.... Read more

    Affected Products : merchandise_online_store
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-42236

    A Stored XSS issue in Merchandise Online Store v.1.0 allows to injection of Arbitrary JavaScript in edit account form.... Read more

    Affected Products : merchandise_online_store
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-42037

    The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-asns
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 8.8

    HIGH
    CVE-2022-42034

    Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.... Read more

    Affected Products : wedding_planner
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41387

    The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-pdfs
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41386

    The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-utility
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41382

    The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-json
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41381

    The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-utility
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-41380

    The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.... Read more

    Affected Products : d8s-yaml
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 6.1

    MEDIUM
    CVE-2022-41376

    Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function.... Read more

    Affected Products : metro_ui
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 5.2

    MEDIUM
    CVE-2022-41210

    SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain ... Read more

    Affected Products : customer_data_cloud
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025

  • 7.8

    HIGH
    CVE-2022-41202

    Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be trigger... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Oct. 11, 2022
    • Modified: May. 20, 2025
Showing 20 of 292834 Results