Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.0

    HIGH
    CVE-2022-44651

    A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-p... Read more

    Affected Products : apex_one
    • EPSS Score: %0.06
    • Published: Dec. 12, 2022
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41446

    An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.... Read more

    Affected Products : record_management_system
    • EPSS Score: %2.02
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2022-3601

    The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : image_hover_effects_css3
    • EPSS Score: %0.11
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025

  • 7.2

    HIGH
    CVE-2022-39179

    College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. ... Read more

    Affected Products : college_management_system
    • EPSS Score: %0.13
    • Published: Nov. 17, 2022
    • Modified: Apr. 28, 2025

  • 5.3

    MEDIUM
    CVE-2022-39178

    Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. ... Read more

    Affected Products : webvendome
    • EPSS Score: %0.11
    • Published: Nov. 17, 2022
    • Modified: Apr. 28, 2025

  • 7.2

    HIGH
    CVE-2022-30529

    File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinym... Read more

    Affected Products : isic.lk
    • EPSS Score: %0.08
    • Published: Nov. 22, 2022
    • Modified: Apr. 28, 2025

  • 4.9

    MEDIUM
    CVE-2022-22488

    IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.... Read more

    • EPSS Score: %0.05
    • Published: Dec. 12, 2022
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2025-29018

    A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.... Read more

    • Published: Apr. 09, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-46085

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename... Read more

    Affected Products : frogcms
    • Published: Sep. 17, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-46362

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory... Read more

    Affected Products : frogcms
    • Published: Sep. 17, 2024
    • Modified: Apr. 28, 2025

  • 7.5

    HIGH
    CVE-2024-46609

    An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords... Read more

    Affected Products : icecms icecms
    • Published: Sep. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-25141

    When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.... Read more

    • Published: Feb. 20, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-46612

    IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.... Read more

    Affected Products : icecms icecms
    • Published: Sep. 25, 2024
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2022-44653

    A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-pr... Read more

    Affected Products : apex_one
    • EPSS Score: %0.16
    • Published: Dec. 12, 2022
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2022-44652

    An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to exec... Read more

    Affected Products : apex_one
    • EPSS Score: %0.06
    • Published: Dec. 12, 2022
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-44118

    dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.... Read more

    Affected Products : dedecmsv6
    • EPSS Score: %5.27
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-43213

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php.... Read more

    Affected Products : billing_system_project
    • EPSS Score: %0.08
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 9.1

    CRITICAL
    CVE-2022-43196

    dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.... Read more

    Affected Products : dedecmsv6
    • EPSS Score: %0.10
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2022-42095

    Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.... Read more

    Affected Products : backdrop backdrop_cms
    • EPSS Score: %43.36
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2022-3849

    The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin... Read more

    Affected Products : wp_user_merger
    • EPSS Score: %0.29
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025
Showing 20 of 291722 Results