Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    CRITICAL
    CVE-2025-46572

    passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAM...

    Affected Products : passport-wsfed-saml2
    • Published: May. 06, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Authentication
  • 5.4

    MEDIUM
    CVE-2022-42054

    Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Descripti...

    Affected Products : goodcloud
    • EPSS Score: %0.12
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2022-41986

    Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions.

    Affected Products : iij_smartkey
    • EPSS Score: %0.12
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-41799

    Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the ot...

    Affected Products : growi
    • EPSS Score: %0.10
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-41797

    Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerabl...

    Affected Products : lemon8
    • EPSS Score: %0.17
    • Published: Oct. 24, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-40876

    In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE).

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %2.47
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2022-40875

    Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo.

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.12
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025
  • 7.5

    HIGH
    CVE-2022-40874

    Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request.

    Affected Products : ax1803_firmware ax1803
    • EPSS Score: %0.13
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2022-39978

    Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the pic...

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.28
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025
  • 7.2

    HIGH
    CVE-2022-39977

    Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upl...

    Affected Products : online_pet_shop_we_app
    • EPSS Score: %0.28
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-39976

    School Activity Updates with SMS Notification v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /modules/announcement/index.php?view=edit&id=.

    • EPSS Score: %0.08
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-38734

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-38733

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-38732

    SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.

    Affected Products : semcms
    • EPSS Score: %0.54
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-38731

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-38730

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-38729

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.

    Affected Products : semcms
    • EPSS Score: %0.34
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2021-37781

    Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.

    Affected Products : employee_record_management_system
    • EPSS Score: %0.48
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 5.4

    MEDIUM
    CVE-2021-35388

    Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin/patient-search.php.

    • EPSS Score: %0.48
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025
  • 8.8

    HIGH
    CVE-2021-35387

    Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-patient.php.

    • EPSS Score: %0.30
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025