Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-41844

    An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.... Read more

    Affected Products : xpdf
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2022-41843

    An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.... Read more

    Affected Products : xpdf
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2022-41842

    An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.... Read more

    Affected Products : xpdf
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 5.5

    MEDIUM
    CVE-2022-41841

    An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.... Read more

    Affected Products : bento4
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 8.8

    HIGH
    CVE-2022-41828

    In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.... Read more

    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 7.2

    HIGH
    CVE-2022-41440

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php.... Read more

    Affected Products : billing_system_project
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 7.2

    HIGH
    CVE-2022-41439

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php.... Read more

    Affected Products : billing_system_project
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 7.2

    HIGH
    CVE-2022-41437

    Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.... Read more

    Affected Products : billing_system_project
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-40887

    SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.... Read more

    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 6.1

    MEDIUM
    CVE-2022-40879

    kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'... Read more

    Affected Products : kkfileview
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 8.0

    HIGH
    CVE-2022-40472

    ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field o... Read more

    Affected Products : zkbio_time
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 8.8

    HIGH
    CVE-2022-40407

    A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.... Read more

    Affected Products : chamilo_lms chamilo
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 7.2

    HIGH
    CVE-2022-40048

    Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function.... Read more

    Affected Products : flatpress
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 6.5

    MEDIUM
    CVE-2022-3287

    When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.... Read more

    Affected Products : fwupd
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 7.5

    HIGH
    CVE-2022-3215

    NIOHTTP1 and projects using it for generating HTTP responses can be subject to a HTTP Response Injection attack. This occurs when a HTTP/1.1 server accepts user generated input from an incoming request and reflects it into a HTTP/1.1 response header in so... Read more

    Affected Products : swiftnio
    • Published: Sep. 28, 2022
    • Modified: May. 20, 2025

  • 7.5

    HIGH
    CVE-2022-39173

    In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Cli... Read more

    Affected Products : wolfssl
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 6.1

    MEDIUM
    CVE-2022-37461

    Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the ... Read more

    Affected Products : medical_vitrea_view
    • Published: Sep. 30, 2022
    • Modified: May. 20, 2025

  • 6.5

    MEDIUM
    CVE-2022-35888

    Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system.... Read more

    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 5.4

    MEDIUM
    CVE-2022-35137

    DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.... Read more

    Affected Products : dgiot
    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025

  • 9.8

    CRITICAL
    CVE-2022-33880

    hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.... Read more

    • Published: Sep. 29, 2022
    • Modified: May. 20, 2025
Showing 20 of 293260 Results