Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2022-0564

    A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow t... Read more

    Affected Products : windows qlik_sense
    • Published: Feb. 21, 2022
    • Modified: Apr. 25, 2025

  • 6.8

    MEDIUM
    CVE-2025-37088

    A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Race Condition

  • 6.9

    MEDIUM
    CVE-2025-27371

    In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC ... Read more

    Affected Products :
    • Published: Mar. 03, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authentication

  • 6.9

    MEDIUM
    CVE-2025-27370

    OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the... Read more

    Affected Products : openid_connect
    • Published: Mar. 03, 2025
    • Modified: Apr. 25, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2024-50086

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add ses... Read more

    Affected Products : linux_kernel
    • Published: Oct. 29, 2024
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-45307

    Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.... Read more

    Affected Products : chocolatey_php
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-45306

    Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.... Read more

    Affected Products : chocolatey_azure-pipelines-agent
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-45305

    Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.... Read more

    Affected Products : chocolatey_python3
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-45304

    Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.... Read more

    Affected Products : chocolatey_cmder
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-45301

    Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.... Read more

    Affected Products : chocolatey_ruby
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 5.5

    MEDIUM
    CVE-2022-45204

    GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.... Read more

    Affected Products : gpac
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 7.8

    HIGH
    CVE-2022-45202

    GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.... Read more

    Affected Products : gpac
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44635

    Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 a... Read more

    Affected Products : fineract
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-44356

    WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files.... Read more

    Affected Products : wl-wn531g3_firmware wl-wn531g3
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2022-44355

    SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.... Read more

    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44096

    Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.... Read more

    Affected Products : sanitization_management_system
    • Published: Nov. 30, 2022
    • Modified: Apr. 25, 2025

  • 4.9

    MEDIUM
    CVE-2022-42445

    HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. ... Read more

    Affected Products : hcl_launch
    • Published: Dec. 12, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-3865

    The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin... Read more

    Affected Products : wp_user_merger
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-3850

    The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack... Read more

    Affected Products : find_and_replace_all
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-3831

    The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : recaptcha
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 293517 Results