Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2022-43990

    Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. Th... Read more

    • EPSS Score: %0.91
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.3

    HIGH
    CVE-2022-43989

    Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery m... Read more

    • EPSS Score: %0.91
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43362

    Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.... Read more

    Affected Products : senayan_library_management_system
    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-43361

    Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php.... Read more

    Affected Products : senayan_library_management_system
    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-43241

    Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.15
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-43240

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.11
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43127

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43083

    An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : vehicle_booking_system
    • EPSS Score: %0.12
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-43082

    A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter.... Read more

    Affected Products : fast_food_ordering_system
    • EPSS Score: %0.11
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-43081

    Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php.... Read more

    Affected Products : fast_food_ordering_system
    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-3499

    An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present.... Read more

    Affected Products : nessus
    • EPSS Score: %0.31
    • Published: Oct. 31, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-32888

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, macOS Monterey 12.6, tvOS 16. Processing maliciously crafted web content ma... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • EPSS Score: %0.42
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-38882

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in a... Read more

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-25849

    In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .... Read more

    Affected Products : make_an_offer\/offer_your_price
    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025

  • 5.9

    MEDIUM
    CVE-2024-25848

    In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.... Read more

    Affected Products : seo
    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-25845

    In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.... Read more

    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-25847

    SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() a... Read more

    • Published: Mar. 03, 2024
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2024-27515

    Osclass 5.1.2 is vulnerable to SQL Injection.... Read more

    Affected Products : osclass
    • Published: Feb. 28, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-27007

    Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82.... Read more

    Affected Products : suretriggers
    • Published: May. 01, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2023-32005

    A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file ... Read more

    Affected Products : node.js
    • EPSS Score: %0.62
    • Published: Sep. 12, 2023
    • Modified: May. 05, 2025
Showing 20 of 291170 Results