Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2022-40870

    The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header....

    Affected Products : remote_application_server
    • EPSS Score: 0.15%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 9.1

    CRITICAL
    CVE-2022-40842

    ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php....

    Affected Products : ndkadvancedcustomizationfields
    • EPSS Score: 0.33%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2022-37773

    An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases....

    Affected Products : maarch_rm
    • EPSS Score: 0.36%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 9.6

    CRITICAL
    CVE-2022-36180

    Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106....

    Affected Products : fusiondirectory
    • EPSS Score: 0.18%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-36179

    Fusiondirectory 1.3 suffers from Improper Session Handling....

    Affected Products : fusiondirectory
    • EPSS Score: 0.12%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 7.8

    HIGH
    CVE-2022-35407

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of t...

    Affected Products : kernel
    • EPSS Score: 0.08%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 8.8

    HIGH
    CVE-2022-33012

    Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack....

    Affected Products : microweber cockpit
    • EPSS Score: 0.54%
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2021-3919

    A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability....

    • EPSS Score: 0.83%
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
  • 8.8

    HIGH
    CVE-2021-29334

    An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin account via index, /admin.php/Admin/adminadd.html...

    Affected Products : jizhicms
    • EPSS Score: 0.08%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2020-23593

    A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The syst...

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: 0.17%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 8.8

    HIGH
    CVE-2020-23592

    A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.a...

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: 0.56%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2020-23591

    A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf *.*' in the...

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: 0.40%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2020-23590

    A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through "wlwpa.asp"....

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: 0.24%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2020-23589

    A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router throu...

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: 0.24%
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2025-28035

    TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter....

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-28036

    TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter....

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication
  • 9.8

    CRITICAL
    CVE-2025-28037

    TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter....

    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-28038

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter....

    Affected Products : ex1200t_firmware ex1200t
    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2025-28039

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter....

    Affected Products : ex1200t_firmware ex1200t
    • Published: Apr. 22, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection
  • 4.3

    MEDIUM
    CVE-2022-45210

    Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin....

    Affected Products : jeecg_boot
    • EPSS Score: 0.06%
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025