Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-41710

    Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy (or at le... Read more

    Affected Products : markdownify
    • EPSS Score: %0.03
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-41435

    OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public ... Read more

    Affected Products : luci
    • EPSS Score: %0.10
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.1

    CRITICAL
    CVE-2022-40747

    "IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID... Read more

    • EPSS Score: %0.06
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-3781

    Dashlane password and Keepass Server password in My Account Settings  are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to re... Read more

    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-3780

    Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. ... Read more

    Affected Products : remote_desktop_manager
    • EPSS Score: %0.22
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-30615

    "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    • EPSS Score: %0.20
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-30608

    "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.... Read more

    • EPSS Score: %0.07
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-25885

    The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.... Read more

    Affected Products : muhammara hummus
    • EPSS Score: %0.11
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-22442

    "IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427."... Read more

    • EPSS Score: %0.07
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-22425

    "IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598."... Read more

    • EPSS Score: %0.13
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 5.9

    MEDIUM
    CVE-2021-46853

    Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.... Read more

    Affected Products : alpine
    • EPSS Score: %0.19
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 4.9

    MEDIUM
    CVE-2021-37823

    OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.... Read more

    Affected Products : opencart
    • EPSS Score: %0.07
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-22820

    MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.... Read more

    Affected Products : mkcms
    • EPSS Score: %0.07
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-22819

    MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.... Read more

    Affected Products : mkcms
    • EPSS Score: %0.07
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2020-22818

    MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.... Read more

    Affected Products : mkcms
    • EPSS Score: %0.07
    • Published: Nov. 03, 2022
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2021-20193

    A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.... Read more

    Affected Products : tar
    • EPSS Score: %0.10
    • Published: Mar. 26, 2021
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2020-12069

    In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can be used by a local attacker with low privileges to gain... Read more

    • EPSS Score: %0.03
    • Published: Dec. 26, 2022
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2023-3920

    An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship b... Read more

    Affected Products : gitlab
    • EPSS Score: %0.24
    • Published: Sep. 29, 2023
    • Modified: May. 05, 2025

  • 5.0

    MEDIUM
    CVE-2023-1401

    An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.10
    • Published: Jul. 26, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-3907

    A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner... Read more

    Affected Products : gitlab
    • EPSS Score: %0.03
    • Published: Dec. 17, 2023
    • Modified: May. 05, 2025
Showing 20 of 291219 Results