Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-41797

    Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerabl... Read more

    Affected Products : lemon8
    • EPSS Score: %0.17
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-40876

    In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE).... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %2.47
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-40875

    Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.12
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-40874

    Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request.... Read more

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.13
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-39978

    Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the pic... Read more

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.28
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-39977

    Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upl... Read more

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.28
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-39976

    School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=.... Read more

    • EPSS Score: %0.08
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38734

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38733

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38732

    SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.54
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38731

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38730

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2021-38729

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.... Read more

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2021-37781

    Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.... Read more

    Affected Products : employee_record_management_system
    • EPSS Score: %0.48
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2021-35388

    Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.... Read more

    • EPSS Score: %0.48
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2021-35387

    Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.... Read more

    • EPSS Score: %0.30
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 8.1

    HIGH
    CVE-2024-29901

    The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.... Read more

    Affected Products : authkit
    • Published: Mar. 29, 2024
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2024-29900

    Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will b... Read more

    Affected Products : electron-packager packager packager
    • Published: Mar. 29, 2024
    • Modified: May. 07, 2025

  • 6.1

    MEDIUM
    CVE-2025-3389

    A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01. This issue affects the function testMess of the file cn/gson/oasys/controller/inform/InformManageController.java of the component Backend. The ma... Read more

    Affected Products : oa_system
    • Published: Apr. 08, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2024-11595

    FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file... Read more

    Affected Products : wireshark
    • Published: Nov. 21, 2024
    • Modified: May. 07, 2025
Showing 20 of 291618 Results