Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2021-47251

    In the Linux kernel, the following vulnerability has been resolved: mac80211: fix skb length check in ieee80211_scan_rx() Replace hard-coded compile-time constants for header length check with dynamic determination based on the frame type. Otherwise, we...

    Affected Products : linux_kernel
    • Published: May. 21, 2024
    • Modified: Apr. 30, 2025
  • 8.8

    HIGH
    CVE-2025-46251

    Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikRestaurants Table Reservations and Take-Away allows Cross Site Request Forgery. This issue affects VikRestaurants Table Reservations and Take-Away: from n/a through 1.3.3....

    • Published: Apr. 22, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 8.8

    HIGH
    CVE-2023-5482

    Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)...

    Affected Products : fedora debian_linux chrome edge_chromium
    • EPSS Score: %8.21
    • Published: Nov. 01, 2023
    • Modified: Apr. 30, 2025
  • 5.5

    MEDIUM
    CVE-2022-45473

    In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666....

    Affected Products : drachtio-server
    • EPSS Score: %0.03
    • Published: Nov. 18, 2022
    • Modified: Apr. 30, 2025
  • 8.1

    HIGH
    CVE-2022-45381

    Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able...

    Affected Products : pipeline_utility_steps
    • EPSS Score: %0.18
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2022-45380

    Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

    Affected Products : junit
    • EPSS Score: %0.68
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 5.3

    MEDIUM
    CVE-2022-45163

    An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.M...

    • EPSS Score: %0.14
    • Published: Nov. 18, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-45132

    In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 templ...

    Affected Products : lava
    • EPSS Score: %6.46
    • Published: Nov. 18, 2022
    • Modified: Apr. 30, 2025
  • 6.1

    MEDIUM
    CVE-2022-43694

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output....

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.56
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025
  • 8.8

    HIGH
    CVE-2022-43693

    Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth....

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.60
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-43265

    An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file....

    Affected Products : canteen_management_system
    • EPSS Score: %0.13
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 6.8

    MEDIUM
    CVE-2022-43096

    Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port....

    • EPSS Score: %0.08
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 5.4

    MEDIUM
    CVE-2022-42954

    Keyfactor EJBCA before 7.10.0 allows XSS....

    Affected Products : kefactor_ejbca
    • EPSS Score: %0.77
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 3.3

    LOW
    CVE-2022-42903

    Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list....

    Affected Products : manageengine_supportcenter_plus
    • EPSS Score: %0.05
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2022-42894

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for...

    • EPSS Score: %0.25
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 7.5

    HIGH
    CVE-2022-42893

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the a...

    • EPSS Score: %0.16
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 5.3

    MEDIUM
    CVE-2022-42892

    A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to t...

    • EPSS Score: %0.33
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025
  • 5.9

    MEDIUM
    CVE-2022-42132

    The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when ...

    • EPSS Score: %0.20
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 4.8

    MEDIUM
    CVE-2022-42131

    Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 ...

    • EPSS Score: %0.14
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
  • 5.3

    MEDIUM
    CVE-2022-42128

    The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode ...

    • EPSS Score: %0.18
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 291219 Results