Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-43165

    A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Va... Read more

    Affected Products : rukovoditel
    • EPSS Score: %5.36
    • Published: Oct. 28, 2022
    • Modified: May. 08, 2025

  • 5.4

    MEDIUM
    CVE-2022-43164

    A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name... Read more

    Affected Products : rukovoditel
    • EPSS Score: %7.10
    • Published: Oct. 28, 2022
    • Modified: May. 08, 2025

  • 5.5

    MEDIUM
    CVE-2022-43039

    GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.... Read more

    Affected Products : gpac
    • EPSS Score: %0.03
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-43038

    Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts.... Read more

    Affected Products : bento4
    • EPSS Score: %0.12
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-43037

    An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp.... Read more

    Affected Products : bento4
    • EPSS Score: %0.09
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-43035

    An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac.... Read more

    Affected Products : bento4
    • EPSS Score: %0.12
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-43034

    An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer overflow vulnerability in the AP4_BitReader::SkipBits(unsigned int) function in mp42ts.... Read more

    Affected Products : bento4
    • EPSS Score: %0.12
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-43033

    An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more

    Affected Products : bento4
    • EPSS Score: %0.09
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-43032

    An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac.... Read more

    Affected Products : bento4
    • EPSS Score: %0.12
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-43029

    Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the time parameter at /goform/SetSysTimeCfg.... Read more

    Affected Products : tx3_firmware tx3
    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-43028

    Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg.... Read more

    Affected Products : tx3_firmware tx3
    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 9.8

    CRITICAL
    CVE-2022-43027

    Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg.... Read more

    Affected Products : tx3_firmware tx3
    • EPSS Score: %0.17
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-43014

    OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.... Read more

    Affected Products : opencats
    • EPSS Score: %5.64
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.1

    MEDIUM
    CVE-2022-42466

    Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and t... Read more

    Affected Products : isis
    • EPSS Score: %5.07
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2022-42227

    jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer.... Read more

    Affected Products : jsonlint_c\+\+
    • EPSS Score: %0.09
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 7.8

    HIGH
    CVE-2022-41709

    Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled.... Read more

    Affected Products : markdownify
    • EPSS Score: %0.05
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-41708

    Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly.... Read more

    Affected Products : messenger
    • EPSS Score: %0.06
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 6.5

    MEDIUM
    CVE-2022-41707

    Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access sensitive data of any user of the application. This is possible because the application exposes user data to the public.... Read more

    Affected Products : messenger
    • EPSS Score: %0.11
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 7.5

    HIGH
    CVE-2022-40798

    OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover.... Read more

    Affected Products : ocomon
    • EPSS Score: %0.15
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 8.7

    HIGH
    CVE-2024-2739

    The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks... Read more

    Affected Products : advance_search advanced_search
    • Published: Apr. 15, 2024
    • Modified: May. 08, 2025
Showing 20 of 291712 Results