Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e., on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2024-27515

    Osclass 5.1.2 is vulnerable to SQL Injection.

    Affected Products : osclass
    • Published: Feb. 28, 2024
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2025-27007

    Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82.

    Affected Products : suretriggers
    • Published: May. 01, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2023-32005

    A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file ...

    Affected Products : node.js
    • EPSS Score: %0.62
    • Published: Sep. 12, 2023
    • Modified: May. 05, 2025
  • 7.1

    HIGH
    CVE-2022-43995

    Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by enteri...

    Affected Products : sudo
    • EPSS Score: %0.09
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025
  • 6.5

    MEDIUM
    CVE-2022-43245

    Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

    Affected Products : debian_linux libde265
    • EPSS Score: %0.15
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025
  • 6.5

    MEDIUM
    CVE-2022-43244

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

    Affected Products : debian_linux libde265
    • EPSS Score: %0.15
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025
  • 6.5

    MEDIUM
    CVE-2022-43243

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

    Affected Products : debian_linux libde265
    • EPSS Score: %0.11
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025
  • 6.5

    MEDIUM
    CVE-2022-43242

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

    Affected Products : debian_linux libde265
    • EPSS Score: %0.13
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025
  • 6.5

    MEDIUM
    CVE-2022-43239

    Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.

    Affected Products : debian_linux libde265
    • EPSS Score: %0.09
    • Published: Nov. 02, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-42753

    SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

    Affected Products : salonerp
    • EPSS Score: %0.11
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-42751

    CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows an attacker to persuade an administrator to create a new account with administrative permissions.

    Affected Products : candidats
    • EPSS Score: %0.09
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-42750

    CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.

    Affected Products : candidats
    • EPSS Score: %0.41
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-42749

    CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks.

    Affected Products : candidats
    • EPSS Score: %3.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-42748

    CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks.

    Affected Products : candidats
    • EPSS Score: %3.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-42747

    CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks.

    Affected Products : candidats
    • EPSS Score: %3.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-42746

    CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks.

    Affected Products : candidats
    • EPSS Score: %6.03
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 5.3

    MEDIUM
    CVE-2022-42743

    deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.

    Affected Products : deep-parse-json
    • EPSS Score: %0.08
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 3.3

    LOW
    CVE-2022-42442

    IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.

    • EPSS Score: %0.03
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 5.3

    MEDIUM
    CVE-2022-41714

    fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.

    Affected Products : fastest-json-copy
    • EPSS Score: %0.08
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
  • 5.3

    MEDIUM
    CVE-2022-41713

    deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the '__proto__' property to be edited.

    Affected Products : deep-object-diff
    • EPSS Score: %0.08
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025
Showing 20 of 291219 Results