Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.7

    MEDIUM
    CVE-2023-49114

    A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions ... Read more

    Affected Products : qognify_vms_client_viewer
    • Published: Feb. 26, 2024
    • Modified: Apr. 25, 2025

  • 5.3

    MEDIUM
    CVE-2024-21501

    Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could explo... Read more

    Affected Products : fedora sanitize-html
    • Published: Feb. 24, 2024
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2024-25469

    SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.... Read more

    Affected Products : crmeb_java
    • Published: Feb. 23, 2024
    • Modified: Apr. 25, 2025

  • 5.5

    MEDIUM
    CVE-2022-45873

    systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same functio... Read more

    Affected Products : fedora systemd
    • EPSS Score: %0.03
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-45872

    iTerm2 before 3.4.18 mishandles a DECRQSS response.... Read more

    Affected Products : iterm2
    • EPSS Score: %1.41
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.3

    MEDIUM
    CVE-2022-45866

    qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.... Read more

    Affected Products : fedora qpress
    • EPSS Score: %0.62
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45472

    CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup.... Read more

    Affected Products : learningspace_enterprise
    • EPSS Score: %0.78
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-45462

    Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher... Read more

    Affected Products : dolphinscheduler
    • EPSS Score: %3.64
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45040

    A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.... Read more

    Affected Products : wbce_cms
    • EPSS Score: %0.10
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 7.2

    HIGH
    CVE-2022-45039

    An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : wbce_cms
    • EPSS Score: %0.12
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45038

    A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.... Read more

    Affected Products : wbce_cms
    • EPSS Score: %13.15
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45037

    A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.... Read more

    Affected Products : wbce_cms
    • EPSS Score: %13.15
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45036

    A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.... Read more

    Affected Products : wbce_cms
    • EPSS Score: %0.10
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 8.1

    HIGH
    CVE-2022-38813

    PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.... Read more

    • EPSS Score: %3.46
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-38767

    An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure.... Read more

    Affected Products : vxworks
    • EPSS Score: %0.13
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-26885

    When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.... Read more

    Affected Products : dolphinscheduler
    • EPSS Score: %0.20
    • Published: Nov. 24, 2022
    • Modified: Apr. 25, 2025

  • 5.5

    MEDIUM
    CVE-2021-39343

    The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user ... Read more

    Affected Products : mpl-publisher mpl-publisher
    • EPSS Score: %0.57
    • Published: Oct. 19, 2021
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2024-25344

    Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php... Read more

    Affected Products : itflow
    • Published: Feb. 26, 2024
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2024-22371

    Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22... Read more

    Affected Products : camel
    • Published: Feb. 26, 2024
    • Modified: Apr. 25, 2025

  • 6.2

    MEDIUM
    CVE-2023-50246

    jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.... Read more

    Affected Products : jq
    • EPSS Score: %0.16
    • Published: Dec. 13, 2023
    • Modified: Apr. 25, 2025
Showing 20 of 291756 Results