Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2022-42198

    In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.

    • EPSS Score: 0.13%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 6.5

    MEDIUM
    CVE-2022-42197

    In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.

    • EPSS Score: 0.05%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2022-42176

    In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.

    Affected Products : pcsecure
    • EPSS Score: 0.09%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2022-42021

    Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.

    • EPSS Score: 0.07%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 5.4

    MEDIUM
    CVE-2022-41358

    A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.

    Affected Products : garage_management_system
    • EPSS Score: 0.28%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 5.3

    MEDIUM
    CVE-2022-40084

    OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.

    Affected Products : opencrx
    • EPSS Score: 0.11%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 7.2

    HIGH
    CVE-2022-38108

    SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

    Affected Products : orion_platform solarwinds_platform
    • EPSS Score: 85.43%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 9.8

    CRITICAL
    CVE-2022-37298

    Shinken Solutions Shinken Monitoring Version 2.4.3 is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes t...

    Affected Products : shinken_monitoring
    • EPSS Score: 44.43%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2022-36122

    The Automox Agent before 40 on Windows incorrectly sets permissions on key files.

    Affected Products : windows automox
    • EPSS Score: 0.04%
    • Published: Oct. 21, 2022
    • Modified: May. 08, 2025
  • 9.1

    CRITICAL
    CVE-2022-31678

    VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

    Affected Products : cloud_foundation nsx_data_center
    • EPSS Score: 3.28%
    • Published: Oct. 28, 2022
    • Modified: May. 08, 2025
  • 7.2

    HIGH
    CVE-2022-31366

    An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file.

    Affected Products : eve-ng
    • EPSS Score: 0.56%
    • Published: Oct. 20, 2022
    • Modified: May. 08, 2025
  • 7.5

    HIGH
    CVE-2025-43967

    libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

    Affected Products : libheif
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2025-43966

    libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

    Affected Products : libheif
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Memory Corruption
  • 8.6

    HIGH
    CVE-2025-43971

    An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

    Affected Products : gobgp
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service
  • 9.8

    CRITICAL
    CVE-2025-43973

    An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

    Affected Products : gobgp
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service
  • 7.5

    HIGH
    CVE-2025-43972

    An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

    Affected Products : gobgp
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service
  • 5.3

    MEDIUM
    CVE-2025-43970

    An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

    Affected Products : gobgp
    • Published: Apr. 21, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Denial of Service
  • 7.8

    HIGH
    CVE-2024-12671

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o...

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-12669

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the c...

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
  • 7.8

    HIGH
    CVE-2024-12200

    A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context o...

    • Published: Dec. 17, 2024
    • Modified: May. 08, 2025
Showing 20 of 291728 Results