Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2022-42943

    A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in th...

    • EPSS Score: 0.14%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-42941

    A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in th...

    • EPSS Score: 0.14%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-42940

    A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process....

    • EPSS Score: 0.14%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 7.8

    HIGH
    CVE-2022-41796

    Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory....

    Affected Products : content_transfer
    • EPSS Score: 0.07%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-40984

    Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name....

    Affected Products : wtviewere_761941 wtviewerefree
    • EPSS Score: 0.47%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3676

    In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type....

    Affected Products : openj9
    • EPSS Score: 0.34%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-3626

    LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from s...

    • EPSS Score: 0.03%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 6.7

    MEDIUM
    CVE-2022-34438

    Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance ...

    • EPSS Score: 0.05%
    • Published: Oct. 21, 2022
    • Modified: May. 07, 2025
  • 5.5

    MEDIUM
    CVE-2022-2882

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integratio...

    Affected Products : gitlab
    • EPSS Score: 1.08%
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-2826

    An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO...

    Affected Products : gitlab
    • EPSS Score: 0.08%
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-26884

    Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher....

    Affected Products : dolphinscheduler
    • EPSS Score: 0.40%
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-42010

    Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue....

    Affected Products : heron
    • EPSS Score: 0.26%
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-38737

    SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php....

    Affected Products : semcms
    • EPSS Score: 0.34%
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-38736

    SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php....

    Affected Products : semcms
    • EPSS Score: 0.34%
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2025-3168

    A vulnerability was found in PHPGurukul Time Table Generator System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-class.php. The manipulation of the argument editid leads to sql i...

    Affected Products : time_table_generator_system
    • Published: Apr. 03, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-3352

    A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-scdetails.php. The manipulation of the argument contnum leads to sql inject...

    Affected Products : old_age_home_management_system
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 7.5

    HIGH
    CVE-2024-20348

    A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning...

    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2025-3370

    A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. It is possible t...

    Affected Products : men_salon_management_system
    • Published: Apr. 07, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Injection
  • 8.0

    HIGH
    CVE-2024-48629

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands ...

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025
  • 8.0

    HIGH
    CVE-2024-48630

    D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a craft...

    • Published: Oct. 17, 2024
    • Modified: May. 07, 2025
Showing 20 of 291562 Results