Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2020-23584

    Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads ...

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: 52.85%
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2020-23583

    OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAN...

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: 5.89%
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 7.0

    HIGH
    CVE-2009-1143

    An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

    Affected Products : open-vm-tools
    • EPSS Score: 0.02%
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 6.7

    MEDIUM
    CVE-2009-1142

    An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.

    Affected Products : open_vm_tools
    • EPSS Score: 0.03%
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 6.1

    MEDIUM
    CVE-2023-49034

    Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files.

    Affected Products : projeqtor
    • Published: Feb. 20, 2024
    • Modified: Apr. 25, 2025
  • 6.1

    MEDIUM
    CVE-2023-46967

    Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.

    Affected Products : osticket
    • Published: Feb. 20, 2024
    • Modified: Apr. 25, 2025
  • 4.0

    MEDIUM
    CVE-2024-25260

    elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.

    Affected Products : elfutils
    • Published: Feb. 20, 2024
    • Modified: Apr. 25, 2025
  • 8.8

    HIGH
    CVE-2023-47422

    An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.

    • Published: Feb. 20, 2024
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2024-56431

    oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.

    Affected Products : libtheora theora
    • Published: Dec. 25, 2024
    • Modified: Apr. 25, 2025
  • 9.1

    CRITICAL
    CVE-2022-45909

    drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request.

    Affected Products : drachtio-server
    • EPSS Score: 0.15%
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-45908

    In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.

    Affected Products : paddlepaddle
    • EPSS Score: 0.14%
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-45907

    In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.

    Affected Products : pytorch
    • EPSS Score: 0.28%
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025
  • 4.7

    MEDIUM
    CVE-2022-45887

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

    • EPSS Score: 0.01%
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-45280

    A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

    Affected Products : eyoucms
    • EPSS Score: 0.08%
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 8.8

    HIGH
    CVE-2022-45278

    Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.

    Affected Products : jizhicms
    • EPSS Score: 0.06%
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-45276

    An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.

    Affected Products : yjcms
    • EPSS Score: 0.26%
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 4.8

    MEDIUM
    CVE-2022-45221

    Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew...

    • EPSS Score: 0.09%
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 6.1

    MEDIUM
    CVE-2022-45214

    A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.

    Affected Products : sanitization_management_system
    • EPSS Score: 0.11%
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-45151

    The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in con...

    Affected Products : moodle fedora
    • EPSS Score: 0.19%
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 6.1

    MEDIUM
    CVE-2022-45150

    A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary H...

    Affected Products : moodle fedora
    • EPSS Score: 0.21%
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 291741 Results