Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2021-44151

    An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An atta... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.40
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2021-44155

    An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to en... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.95
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-28365

    Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, h... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %36.00
    • Published: Apr. 09, 2022
    • Modified: Apr. 30, 2025

  • 8.1

    HIGH
    CVE-2021-37500

    Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.16
    • Published: Jan. 20, 2023
    • Modified: Apr. 30, 2025

  • 7.2

    HIGH
    CVE-2021-44154

    An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer overflow.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.67
    • Published: Dec. 13, 2021
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2021-45422

    Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %11.59
    • Published: Jan. 13, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-28364

    Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process file parameter via GET. Authentication is required.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.37
    • Published: Apr. 09, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-28363

    Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %17.39
    • Published: Apr. 09, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-30519

    XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.... Read more

    Affected Products : reprise_license_manager
    • EPSS Score: %0.36
    • Published: Dec. 29, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2023-44031

    Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request.... Read more

    • EPSS Score: %0.06
    • Published: Feb. 03, 2024
    • Modified: Apr. 30, 2025

  • 5.9

    MEDIUM
    CVE-2024-50602

    An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.... Read more

    Affected Products : python libexpat
    • Published: Oct. 27, 2024
    • Modified: Apr. 30, 2025

  • 5.9

    MEDIUM
    CVE-2023-4813

    A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswit... Read more

    • EPSS Score: %0.31
    • Published: Sep. 12, 2023
    • Modified: Apr. 30, 2025

  • 5.9

    MEDIUM
    CVE-2023-4806

    A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and ... Read more

    • EPSS Score: %1.11
    • Published: Sep. 18, 2023
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-41719

    Unmarshal can panic on some inputs, possibly allowing for denial of service attacks.... Read more

    Affected Products : messagepack
    • EPSS Score: %0.09
    • Published: Nov. 10, 2022
    • Modified: Apr. 30, 2025

  • 4.6

    MEDIUM
    CVE-2022-3903

    An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or pote... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-3632

    The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions.... Read more

    Affected Products : oauth_client
    • EPSS Score: %0.16
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-3477

    The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any use... Read more

    • EPSS Score: %0.91
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-3415

    The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact me... Read more

    Affected Products : chat_bubble
    • EPSS Score: %0.69
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2022-35613

    Konker v2.3.9 was to discovered to contain a Cross-Site Request Forgery (CSRF).... Read more

    Affected Products : konker_platform
    • EPSS Score: %0.10
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 7.8

    HIGH
    CVE-2022-34325

    DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler u... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 291058 Results