Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-44186

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri.

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: %0.39
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44184

    Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.

    Affected Products : r7000p_firmware r7000p
    • EPSS Score: %0.50
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-34830

    An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.

    Affected Products : utgard_gpu_kernel_driver
    • EPSS Score: %0.17
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 7.5

    HIGH
    CVE-2021-46854

    mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.

    Affected Products : proftpd
    • EPSS Score: %0.62
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 8.8

    HIGH
    CVE-2021-43258

    CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Up...

    Affected Products : churchinfo
    • EPSS Score: %70.43
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2021-35284

    SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.

    Affected Products : cms-php
    • EPSS Score: %0.08
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 10.0

    CRITICAL
    CVE-2025-32432

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code executi...

    Affected Products : craft_cms
    • Published: Apr. 25, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Denial of Service
  • 9.1

    CRITICAL
    CVE-2018-14847

    MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

    Affected Products : routeros
    • Actively Exploited
    • EPSS Score: %93.51
    • Published: Aug. 02, 2018
    • Modified: Apr. 28, 2025
  • 7.8

    HIGH
    CVE-2024-49138

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

    • Actively Exploited
    • Published: Dec. 12, 2024
    • Modified: Apr. 28, 2025
  • 7.8

    HIGH
    • Actively Exploited
    • EPSS Score: %78.73
    • Published: Feb. 13, 2024
    • Modified: Apr. 28, 2025
  • 6.5

    MEDIUM
    CVE-2022-40772

    Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.

    • EPSS Score: %0.06
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 4.9

    MEDIUM
    CVE-2022-40771

    Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

    • EPSS Score: %0.20
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 7.2

    HIGH
    CVE-2022-40770

    Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.

    • EPSS Score: %78.38
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 7.8

    HIGH
    CVE-2022-40304

    An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

    • EPSS Score: %0.08
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 5.4

    MEDIUM
    CVE-2022-35501

    Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.

    Affected Products : blog_pro
    • EPSS Score: %0.13
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 5.4

    MEDIUM
    CVE-2022-35500

    Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.

    Affected Products : blog_pro
    • EPSS Score: %0.13
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 7.8

    HIGH
    CVE-2022-45939

    GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use th...

    Affected Products : fedora debian_linux emacs
    • EPSS Score: %0.04
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025
  • 7.5

    HIGH
    CVE-2022-45921

    FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.

    Affected Products : fusionauth
    • EPSS Score: %0.24
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025
  • 4.8

    MEDIUM
    CVE-2022-45224

    Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfu...

    • EPSS Score: %0.09
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025
  • 4.8

    MEDIUM
    CVE-2022-45223

    Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tx...

    • EPSS Score: %0.09
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025
Showing 20 of 291722 Results