Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-38882

    An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in a... Read more

    Affected Products : caterease
    • Published: Aug. 02, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-25849

    In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .... Read more

    Affected Products : make_an_offer\/offer_your_price
    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025

  • 5.9

    MEDIUM
    CVE-2024-25848

    In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.... Read more

    Affected Products : seo
    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-25845

    In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.... Read more

    • Published: Mar. 08, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-25847

    SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() a... Read more

    • Published: Mar. 03, 2024
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2024-27515

    Osclass 5.1.2 is vulnerable to SQL Injection.... Read more

    Affected Products : osclass
    • Published: Feb. 28, 2024
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-27007

    Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82.... Read more

    Affected Products : suretriggers
    • Published: May. 01, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2023-32005

    A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file ... Read more

    Affected Products : node.js
    • EPSS Score: %0.62
    • Published: Sep. 12, 2023
    • Modified: May. 05, 2025

  • 7.1

    HIGH
    CVE-2022-43995

    Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by enteri... Read more

    Affected Products : sudo
    • EPSS Score: %0.09
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-43245

    Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.15
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-43244

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.15
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-43243

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.11
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-43242

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.13
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-43239

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.... Read more

    Affected Products : debian_linux libde265
    • EPSS Score: %0.09
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-42753

    SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.... Read more

    Affected Products : salonerp
    • EPSS Score: %0.11
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-42751

    CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.... Read more

    Affected Products : candidats
    • EPSS Score: %0.09
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-42750

    CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.... Read more

    Affected Products : candidats
    • EPSS Score: %0.41
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-42749

    CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. ... Read more

    Affected Products : candidats
    • EPSS Score: %3.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-42748

    CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. ... Read more

    Affected Products : candidats
    • EPSS Score: %3.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-42747

    CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks. ... Read more

    Affected Products : candidats
    • EPSS Score: %3.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
Showing 20 of 291216 Results