Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-44139

    Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.... Read more

    • EPSS Score: %0.08
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44120

    dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php.... Read more

    Affected Products : dedecmsv6
    • EPSS Score: %0.07
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-42985

    The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).... Read more

    Affected Products : scratch_login
    • EPSS Score: %0.14
    • Published: Nov. 17, 2022
    • Modified: Apr. 25, 2025

  • 7.2

    HIGH
    CVE-2022-39833

    FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.... Read more

    Affected Products : filecloud
    • EPSS Score: %3.40
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 6.3

    MEDIUM
    CVE-2022-38753

    This update resolves a multi-factor authentication bypass attack... Read more

    Affected Products : netiq_advanced_authentication
    • EPSS Score: %0.04
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-38147

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).... Read more

    Affected Products : framework assets
    • EPSS Score: %0.32
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-38145

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a Javascript payload to a page's meta description and get it executed in the versioned history compare view.... Read more

    Affected Products : silverstripe framework
    • EPSS Score: %0.17
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-37772

    Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised... Read more

    Affected Products : maarch_rm
    • EPSS Score: %0.15
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-37430

    Silverstripe silverstripe/framework through 4.11 allows XSS vulnerability via href attribute of a link (issue 2 of 2).... Read more

    Affected Products : framework
    • EPSS Score: %0.32
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-37429

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.... Read more

    Affected Products : framework
    • EPSS Score: %0.32
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-37421

    Silverstripe silverstripe/cms through 4.11.0 allows XSS.... Read more

    Affected Products : silverstripe
    • EPSS Score: %0.32
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-36784

    Elsight – Elsight Halo  Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution. ... Read more

    Affected Products : halo_firmware halo
    • EPSS Score: %0.60
    • Published: Nov. 17, 2022
    • Modified: Apr. 25, 2025

  • 8.2

    HIGH
    CVE-2022-36337

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by ... Read more

    Affected Products : kernel
    • EPSS Score: %0.11
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2021-3942

    Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.... Read more

    • EPSS Score: %4.43
    • Published: Dec. 12, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2020-23588

    A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" t... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %0.22
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 3.1

    LOW
    CVE-2020-23587

    A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %0.09
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2020-23586

    A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule.... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %0.15
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2020-23585

    A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because o... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %0.44
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2020-23584

    Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads ... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %52.85
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2020-23583

    OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAN... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • EPSS Score: %5.89
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 291779 Results