Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2022-3395

    The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the cc_sql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection ...

    Affected Products : wp_all_export
    • EPSS Score: 0.29%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-3246

    The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as subscribers...

    Affected Products : blog2social
    • EPSS Score: 1.16%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3097

    The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections....

    Affected Products : lbstopattack
    • EPSS Score: 0.18%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2022-38870

    Free5gc v3.2.1 is vulnerable to Information disclosure....

    Affected Products : free5gc
    • EPSS Score: 85.61%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 6.1

    MEDIUM
    CVE-2022-38162

    Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10 exist within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input....

    Affected Products : f-secure_policy_manager
    • EPSS Score: 0.18%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2022-36966

    Users with Node Management rights were able to view and edit all nodes due to insufficient control of a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous....

    Affected Products : orion_platform, solarwinds_platform
    • EPSS Score: 0.22%
    • Published: Oct. 20, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-36454

    A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to ...

    Affected Products : micollab
    • EPSS Score: 0.18%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-36453

    A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attack...

    Affected Products : micollab
    • EPSS Score: 0.24%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-36452

    A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the appli...

    Affected Products : micollab
    • EPSS Score: 1.90%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-36451

    A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploi...

    Affected Products : micollab
    • EPSS Score: 0.18%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 5.3

    MEDIUM
    CVE-2022-35739

    PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data ...

    Affected Products : prtg_network_monitor
    • EPSS Score: 1.07%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2022-35132

    Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module....

    Affected Products : usermin
    • EPSS Score: 3.39%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2022-33178

    A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch....

    Affected Products : fabric_operating_system
    • EPSS Score: 0.81%
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-42553

    A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated w...

    Affected Products : stm32_mw_usb_host
    • EPSS Score: 0.21%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2024-53255

    BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in ...

    Affected Products : boidcms
    • Published: Nov. 25, 2024
    • Modified: May. 07, 2025
  • 8.4

    HIGH
    CVE-2025-31175

    Deserialization mismatch vulnerability in the DSoftBus module. Impact: Successful exploitation of this vulnerability may affect service integrity....

    Affected Products : emui, harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Misconfiguration
  • 7.5

    HIGH
    CVE-2025-31174

    Path traversal vulnerability in the DFS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality....

    Affected Products : harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Path Traversal
  • 8.8

    HIGH
    CVE-2025-31173

    Memory write permission bypass vulnerability in the kernel futex module. Impact: Successful exploitation of this vulnerability may affect service confidentiality....

    Affected Products : harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-58106

    Buffer overflow vulnerability in the codec module. Impact: Successful exploitation of this vulnerability may affect availability....

    Affected Products : harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
  • 7.5

    HIGH
    CVE-2024-58107

    Buffer overflow vulnerability in the codec module. Impact: Successful exploitation of this vulnerability may affect availability....

    Affected Products : harmonyos
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291625 Results