Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-43685

    CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accounts.... Read more

    Affected Products : ckan
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-43215

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php.... Read more

    Affected Products : billing_system
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-43214

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php.... Read more

    Affected Products : billing_system
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-43212

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.... Read more

    Affected Products : billing_system_project
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.0

    CRITICAL
    CVE-2022-42989

    ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada.... Read more

    Affected Products : sankhya_om
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2022-42098

    KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php.... Read more

    Affected Products : klik-socialmediawebsite
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-40303

    An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typi... Read more

    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-40189

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to ... Read more

    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 5.1

    MEDIUM
    CVE-2022-3500

    A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for t... Read more

    Affected Products : enterprise_linux fedora keylime
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-39070

    There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.... Read more

    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-39067

    There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.... Read more

    Affected Products : mf286r_firmware mf286r
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2022-39066

    There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.... Read more

    Affected Products : mf286r_firmware mf286r
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 5.4

    MEDIUM
    CVE-2022-38724

    Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS.... Read more

    Affected Products : framework assets asset_admin
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-38649

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access t... Read more

    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-38462

    Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request.... Read more

    Affected Products : framework
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 5.3

    MEDIUM
    CVE-2022-37774

    There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document (pdf, email) from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file ac... Read more

    Affected Products : maarch_rm
    • Published: Nov. 23, 2022
    • Modified: Apr. 29, 2025

  • 8.4

    HIGH
    CVE-2022-37018

    A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2022-1038

    A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2021-3821

    A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.... Read more

    Affected Products : futuresmart_5
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025

  • 8.4

    HIGH
    CVE-2021-3661

    A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 293542 Results