Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-3833

    The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil... Read more

    Affected Products : fancier_author_box
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-3822

    The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : donations_via_paypal
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 9.0

    CRITICAL
    CVE-2022-37721

    PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.... Read more

    Affected Products : pyrocms
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 9.0

    CRITICAL
    CVE-2022-37720

    Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege esc... Read more

    Affected Products : orchard_cms
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 9.1

    CRITICAL
    CVE-2022-36133

    The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass.... Read more

    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-2721

    In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled.... Read more

    Affected Products : octopus_server
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-23044

    Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF. ... Read more

    Affected Products : tiny_file_manager
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2022-0698

    Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter.... Read more

    Affected Products : microweber cockpit
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 9.1

    CRITICAL
    CVE-2024-1735

    A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.... Read more

    Affected Products : armeria
    • Published: Feb. 26, 2024
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2023-49960

    In Indo-Sol PROFINET-INspektor NT through 2.4.0, a path traversal vulnerability in the httpuploadd service of the firmware allows remote attackers to write to arbitrary files via a crafted filename parameter in requests to the /upload endpoint.... Read more

    • Published: Feb. 26, 2024
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-43326

    An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.... Read more

    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-42109

    Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.... Read more

    Affected Products : online-shopping-system-advanced
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-42100

    KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.... Read more

    Affected Products : klik
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2023-2766

    A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The ... Read more

    Affected Products : e-office weaver_office_automation
    • Published: May. 17, 2023
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2023-2765

    A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The att... Read more

    Affected Products : e-office weaver_office_automation
    • Published: May. 17, 2023
    • Modified: Apr. 25, 2025

  • 7.3

    HIGH
    CVE-2023-42875

    Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2023-38614

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Apr. 11, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-28399

    An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.... Read more

    Affected Products : xmall
    • Published: Apr. 15, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2023-37187

    C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the zfp/blosc2-zfp.c zfp_acc_decompress. function.... Read more

    Affected Products : c-blosc2 c-blosc2
    • Published: Dec. 25, 2023
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2023-37188

    C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.... Read more

    Affected Products : c-blosc2 c-blosc2
    • Published: Dec. 25, 2023
    • Modified: Apr. 25, 2025
Showing 20 of 293542 Results