Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2022-44294

    Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.... Read more

    Affected Products : sanitization_management_system
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-44151

    Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.... Read more

    Affected Products : sanitization_management_system
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 9.8

    CRITICAL
    CVE-2022-43325

    An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.... Read more

    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025

  • 7.8

    HIGH
    CVE-2022-42718

    Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products : labview_command_line_interface
    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 8.6

    HIGH
    CVE-2022-41412

    An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.... Read more

    Affected Products : perfsonar
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 8.4

    HIGH
    CVE-2022-3709

    A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.... Read more

    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2022-3696

    A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA.... Read more

    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2022-3226

    An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA.... Read more

    • Published: Dec. 01, 2022
    • Modified: Apr. 24, 2025

  • 6.8

    MEDIUM
    CVE-2022-38803

    Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a pdf generator when exporting data as a PDF... Read more

    Affected Products : biotime
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 6.2

    MEDIUM
    CVE-2022-38802

    Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a pdf generator w... Read more

    Affected Products : biotime
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-38801

    In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.... Read more

    Affected Products : biotime
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 7.2

    HIGH
    CVE-2022-37924

    Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underly... Read more

    Affected Products : edgeconnect_enterprise
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2022-24441

    The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be exec... Read more

    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 8.1

    HIGH
    CVE-2024-6387

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenti... Read more

    • Published: Jul. 01, 2024
    • Modified: Apr. 24, 2025

  • 8.8

    HIGH
    CVE-2024-4367

    A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.... Read more

    • Published: May. 14, 2024
    • Modified: Apr. 24, 2025

  • 6.1

    MEDIUM
    CVE-2023-41425

    Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.... Read more

    Affected Products : wondercms
    • Published: Nov. 07, 2023
    • Modified: Apr. 24, 2025

  • 6.1

    MEDIUM
    CVE-2023-2745

    WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a cr... Read more

    Affected Products : wordpress
    • Published: May. 17, 2023
    • Modified: Apr. 24, 2025

  • 6.5

    MEDIUM
    CVE-2022-46338

    g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.... Read more

    Affected Products : debian_linux g810-led
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-45869

    A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.... Read more

    Affected Products : linux_kernel
    • Published: Nov. 30, 2022
    • Modified: Apr. 24, 2025

  • 5.5

    MEDIUM
    CVE-2022-37926

    A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exp... Read more

    Affected Products : edgeconnect_enterprise
    • Published: Dec. 12, 2022
    • Modified: Apr. 24, 2025
Showing 20 of 293544 Results