Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 0.0

    NA
    CVE-2024-46733

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occu... Read more

    Affected Products : linux_kernel
    • Published: Sep. 18, 2024
    • Modified: Apr. 25, 2025

  • 5.9

    MEDIUM
    CVE-2022-45480

    PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N... Read more

    Affected Products : pc_keyboard_wifi_\&_bluetooth
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-44959

    webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name fie... Read more

    Affected Products : webtareas
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-44957

    webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field... Read more

    Affected Products : webtareas
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-44956

    webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name fie... Read more

    Affected Products : webtareas
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44291

    webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.... Read more

    Affected Products : webtareas
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44290

    webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.... Read more

    Affected Products : webtareas
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2022-44277

    Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product.... Read more

    Affected Products : sanitization_management_system
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44136

    Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE).... Read more

    Affected Products : zenario
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44097

    Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.... Read more

    Affected Products : book_store_management_system
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-40849

    ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that execute arbitrary JavaScript code on the clie... Read more

    Affected Products : thinkcmf
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2022-40489

    ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows a Super Administrator user to be injected into administrative users.... Read more

    Affected Products : thinkcmf
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2022-3713

    A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA.... Read more

    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2022-37017

    Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. T... Read more

    Affected Products : symantec_endpoint_protection
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-37016

    Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally... Read more

    Affected Products : symantec_endpoint_protection
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 9.1

    CRITICAL
    CVE-2024-32752

    The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access... Read more

    Affected Products :
    • Published: Jun. 06, 2024
    • Modified: Apr. 24, 2025

  • 7.8

    HIGH
    CVE-2023-39810

    An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.... Read more

    Affected Products : busybox
    • Published: Aug. 28, 2023
    • Modified: Apr. 24, 2025

  • 7.1

    HIGH
    CVE-2022-45797

    An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: a... Read more

    Affected Products : windows apex_one
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2022-45640

    Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).... Read more

    Affected Products : ac6_firmware ac6
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 7.5

    HIGH
    CVE-2022-45337

    Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.... Read more

    Affected Products : tx9_pro_firmware tx9_pro
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025
Showing 20 of 293562 Results