Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2022-30529

    File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinym... Read more

    Affected Products : isic.lk
    • Published: Nov. 22, 2022
    • Modified: Apr. 28, 2025

  • 4.9

    MEDIUM
    CVE-2022-22488

    IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337.... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2025-29018

    A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.... Read more

    • Published: Apr. 09, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-46085

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename... Read more

    Affected Products : frogcms
    • Published: Sep. 17, 2024
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2024-46362

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory... Read more

    Affected Products : frogcms
    • Published: Sep. 17, 2024
    • Modified: Apr. 28, 2025

  • 7.5

    HIGH
    CVE-2024-46609

    An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords... Read more

    Affected Products : icecms icecms
    • Published: Sep. 25, 2024
    • Modified: Apr. 28, 2025

  • 9.1

    CRITICAL
    CVE-2024-25141

    When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.... Read more

    • Published: Feb. 20, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-46612

    IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.... Read more

    Affected Products : icecms icecms
    • Published: Sep. 25, 2024
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2022-44653

    A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-pr... Read more

    Affected Products : apex_one
    • Published: Dec. 12, 2022
    • Modified: Apr. 28, 2025

  • 7.8

    HIGH
    CVE-2022-44652

    An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to exec... Read more

    Affected Products : apex_one
    • Published: Dec. 12, 2022
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-44118

    dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.... Read more

    Affected Products : dedecmsv6
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2022-43213

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editorder.php.... Read more

    Affected Products : billing_system_project
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 9.1

    CRITICAL
    CVE-2022-43196

    dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.... Read more

    Affected Products : dedecmsv6
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 4.8

    MEDIUM
    CVE-2022-42095

    Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.... Read more

    Affected Products : backdrop backdrop_cms
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025

  • 8.8

    HIGH
    CVE-2022-3849

    The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin... Read more

    Affected Products : wp_user_merger
    • Published: Nov. 28, 2022
    • Modified: Apr. 28, 2025

  • 7.2

    HIGH
    CVE-2024-46331

    ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL.... Read more

    Affected Products : mostartcms
    • Published: Sep. 27, 2024
    • Modified: Apr. 28, 2025

  • 9.8

    CRITICAL
    CVE-2024-46293

    Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token.... Read more

    • Published: Sep. 30, 2024
    • Modified: Apr. 28, 2025

  • 6.5

    MEDIUM
    CVE-2024-45870

    Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file.... Read more

    Affected Products : bandiview
    • Published: Oct. 03, 2024
    • Modified: Apr. 28, 2025

  • 6.3

    MEDIUM
    CVE-2024-45871

    Bandisoft BandiView 7.05 is Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS).... Read more

    Affected Products : bandiview
    • Published: Oct. 03, 2024
    • Modified: Apr. 28, 2025

  • 6.3

    MEDIUM
    CVE-2024-45872

    Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files.... Read more

    Affected Products : bandiview
    • Published: Oct. 03, 2024
    • Modified: Apr. 28, 2025
Showing 20 of 293620 Results