Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2022-44638

    In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y....

    Affected Products : fedora debian_linux pixman
    • EPSS Score: 0.21%
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025
  • 7.5

    HIGH
    CVE-2022-43574

    "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."...

    • EPSS Score: 0.05%
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2022-43107

    Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function....

    Affected Products : ac23_firmware ac23
    • EPSS Score: 0.09%
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2022-43106

    Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function....

    Affected Products : ac23_firmware ac23
    • EPSS Score: 0.09%
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2022-43101

    Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function....

    Affected Products : ac23_firmware ac23
    • EPSS Score: 0.09%
    • Published: Nov. 03, 2022
    • Modified: May. 02, 2025
  • 4.3

    MEDIUM
    CVE-2022-41413

    perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function....

    Affected Products : perfsonar
    • EPSS Score: 0.50%
    • Published: Nov. 30, 2022
    • Modified: May. 02, 2025
  • 6.7

    MEDIUM
    CVE-2022-37930

    A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information. ...

    • EPSS Score: 0.05%
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025
  • 6.7

    MEDIUM
    CVE-2022-37929

    Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. ...

    • EPSS Score: 0.07%
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025
  • 8.0

    HIGH
    CVE-2022-37928

    Insufficient Verification of Data Authenticity vulnerability in Hewlett Packard Enterprise HPE Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. ...

    • EPSS Score: 0.19%
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025
  • 6.4

    MEDIUM
    • EPSS Score: 0.14%
    • Published: Dec. 12, 2022
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2020-36084

    SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field....

    Affected Products : responsive_e-learning_system
    • Published: Feb. 05, 2025
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2025-22928

    OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the cp_id parameter at /modules/messages/Inbox.php....

    Affected Products : opensis
    • Published: Apr. 03, 2025
    • Modified: May. 02, 2025
  • 9.1

    CRITICAL
    CVE-2024-55496

    A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection....

    Affected Products : bookstore_management_system
    • Published: Dec. 17, 2024
    • Modified: May. 02, 2025
  • 9.8

    CRITICAL
    CVE-2024-48580

    SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request....

    Affected Products : best_courier_management_system
    • Published: Oct. 25, 2024
    • Modified: May. 02, 2025
  • 7.3

    HIGH
    CVE-2024-48259

    Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign....

    Affected Products : cloudlog
    • Published: Oct. 14, 2024
    • Modified: May. 02, 2025
  • 5.3

    MEDIUM
    CVE-2024-24407

    SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component....

    • Published: Mar. 28, 2024
    • Modified: May. 02, 2025
  • 8.1

    HIGH
    CVE-2024-22983

    SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint....

    • Published: Feb. 28, 2024
    • Modified: May. 02, 2025
  • 5.1

    MEDIUM
    CVE-2025-25992

    SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component....

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
  • 5.1

    MEDIUM
    CVE-2025-25993

    SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."...

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
  • 7.5

    HIGH
    CVE-2025-25994

    SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id....

    Affected Products : feminer_wms
    • Published: Feb. 14, 2025
    • Modified: May. 02, 2025
Showing 20 of 291157 Results