Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-34782

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2024-34781

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2025-26200

    SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component.... Read more

    • Published: Feb. 24, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Injection

  • 6.1

    MEDIUM
    CVE-2023-4148

    The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : ditty
    • EPSS Score: %3.43
    • Published: Sep. 25, 2023
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-44547

    The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.... Read more

    Affected Products : emui harmonyos
    • EPSS Score: %0.09
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-43321

    Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.... Read more

    Affected Products : shopwind
    • EPSS Score: %0.16
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-43320

    FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.... Read more

    Affected Products : feehicms
    • EPSS Score: %0.16
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2022-43310

    An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.... Read more

    Affected Products : foxit_reader
    • EPSS Score: %0.01
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2022-43292

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.07
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2022-43291

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.07
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2022-43290

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.07
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2022-43278

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.07
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2022-43277

    Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.10
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-43121

    A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.... Read more

    Affected Products : subrion subrion_cms
    • EPSS Score: %0.48
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-43118

    A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field.... Read more

    Affected Products : flatcore-cms
    • EPSS Score: %0.14
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-40797

    Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server config... Read more

    Affected Products : roxy_fileman
    • EPSS Score: %8.30
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2022-3413

    Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to vi... Read more

    Affected Products : gitlab
    • EPSS Score: %0.11
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-37927

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). ... Read more

    Affected Products : oneview_global_dashboard
    • EPSS Score: %0.24
    • Published: Dec. 12, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-31689

    VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.... Read more

    Affected Products : workspace_one_assist
    • EPSS Score: %0.57
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-31688

    VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's wind... Read more

    Affected Products : workspace_one_assist
    • EPSS Score: %0.53
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025
Showing 20 of 291209 Results