Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2022-40770

    Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.... Read more

    • EPSS Score: %78.38
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2022-40304

    An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.... Read more

    • EPSS Score: %0.08
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-35501

    Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function.... Read more

    Affected Products : blog_pro
    • EPSS Score: %0.13
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-35500

    Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality.... Read more

    Affected Products : blog_pro
    • EPSS Score: %0.13
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2022-45939

    GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use th... Read more

    Affected Products : fedora debian_linux emacs
    • EPSS Score: %0.04
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025

  • 7.5

    HIGH
    CVE-2022-45921

    FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process.... Read more

    Affected Products : fusionauth
    • EPSS Score: %0.24
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2022-45224

    Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfu... Read more

    • EPSS Score: %0.09
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2022-45223

    Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tx... Read more

    • EPSS Score: %0.09
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025

  • 7.0

    HIGH
    CVE-2022-44651

    A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-p... Read more

    Affected Products : apex_one
    • EPSS Score: %0.06
    • Published: Dec. 12, 2022
    • Modified: Apr. 28, 2025

  • 5.4

    MEDIUM
    CVE-2022-41446

    An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data.... Read more

    Affected Products : record_management_system
    • EPSS Score: %2.02
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2022-3601

    The Image Hover Effects Css3 WordPress plugin through 4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : image_hover_effects_css3
    • EPSS Score: %0.11
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025

  • 7.2

    HIGH
    CVE-2022-39179

    College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file. ... Read more

    Affected Products : college_management_system
    • EPSS Score: %0.13
    • Published: Nov. 17, 2022
    • Modified: Apr. 28, 2025

  • 5.3

    MEDIUM
    CVE-2022-39178

    Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. ... Read more

    Affected Products : webvendome
    • EPSS Score: %0.11
    • Published: Nov. 17, 2022
    • Modified: Apr. 28, 2025

  • 7.2

    HIGH
    CVE-2022-30529

    File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinym... Read more

    Affected Products : isic.lk
    • EPSS Score: %0.08
    • Published: Nov. 22, 2022
    • Modified: Apr. 28, 2025

  • 4.9

    MEDIUM
    CVE-2022-22488

    IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.... Read more

    • EPSS Score: %0.05
    • Published: Dec. 12, 2022
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2025-29018

    A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.... Read more

    • Published: Apr. 09, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-46085

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename... Read more

    Affected Products : frogcms
    • Published: Sep. 17, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-46362

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory... Read more

    Affected Products : frogcms
    • Published: Sep. 17, 2024
    • Modified: Apr. 28, 2025

  • 7.5

    HIGH
    CVE-2024-46609

    An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords... Read more

    Affected Products : icecms icecms
    • Published: Sep. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-25141

    When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.... Read more

    • Published: Feb. 20, 2024
    • Modified: Apr. 28, 2025
Showing 20 of 291741 Results