Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-40773

    Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.... Read more

    • EPSS Score: %0.50
    • Published: Nov. 12, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-3238

    A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Nov. 14, 2022
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2022-39069

    There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table co... Read more

    Affected Products : zaip-aie
    • EPSS Score: %0.34
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-38651

    A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affect... Read more

    Affected Products : hyperic_server
    • EPSS Score: %0.07
    • Published: Nov. 12, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-38167

    The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.... Read more

    Affected Products : workflow
    • EPSS Score: %0.45
    • Published: Nov. 14, 2022
    • Modified: May. 01, 2025

  • 5.5

    MEDIUM
    CVE-2022-37290

    GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.... Read more

    Affected Products : fedora nautilus
    • EPSS Score: %0.02
    • Published: Nov. 14, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-36938

    DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.... Read more

    Affected Products : redex
    • EPSS Score: %0.63
    • Published: Nov. 11, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-35740

    dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. (This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users.) Some Java a... Read more

    Affected Products : dotcms
    • EPSS Score: %0.72
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-27673

    Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.... Read more

    Affected Products : amd_link
    • EPSS Score: %0.26
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 5.4

    MEDIUM
    CVE-2022-26088

    An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML (such as an SSRF payload) into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a c... Read more

    • EPSS Score: %0.23
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 5.0

    MEDIUM
    CVE-2024-4529

    The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks... Read more

    Affected Products : business_card
    • Published: May. 27, 2024
    • Modified: May. 01, 2025

  • 6.3

    MEDIUM
    CVE-2024-4530

    The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks... Read more

    Affected Products : business_card
    • Published: May. 27, 2024
    • Modified: May. 01, 2025

  • 7.1

    HIGH
    CVE-2024-4531

    The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks... Read more

    Affected Products : business_card
    • Published: May. 27, 2024
    • Modified: May. 01, 2025

  • 6.3

    MEDIUM
    CVE-2024-39001

    ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.... Read more

    Affected Products : ag-grid ag_charts
    • Published: Jul. 01, 2024
    • Modified: May. 01, 2025

  • 6.4

    MEDIUM
    CVE-2024-4532

    The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks... Read more

    Affected Products : business_card
    • Published: May. 27, 2024
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2024-37032

    Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ subst... Read more

    Affected Products : ollama
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2024-36843

    libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.... Read more

    Affected Products : libmodbus
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2024-36844

    libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.... Read more

    Affected Products : libmodbus
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2024-36845

    An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.... Read more

    Affected Products : libmodbus
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2020-8887

    Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).... Read more

    Affected Products : sentry medius sentry
    • EPSS Score: %0.57
    • Published: Sep. 22, 2020
    • Modified: May. 01, 2025
Showing 20 of 291141 Results