Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2022-45009

    Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : online_leave_management_system
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 4.8

    MEDIUM
    CVE-2022-45008

    Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML... Read more

    Affected Products : online_leave_management_system
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 8.1

    HIGH
    CVE-2022-44942

    Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.... Read more

    Affected Products : casdoor
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2022-44849

    A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.... Read more

    Affected Products : metinfo
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2022-44637

    Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.... Read more

    Affected Products : redmine
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2022-44620

    Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.... Read more

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2022-44608

    Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.... Read more

    Affected Products : cybozu_remote_service
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2022-44606

    OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.... Read more

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2022-44393

    Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.... Read more

    Affected Products : sanitization_management_system
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2022-44373

    A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution.... Read more

    Affected Products : tew-820ap_firmware tew-820ap
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 9.8

    CRITICAL
    CVE-2022-44371

    hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).... Read more

    Affected Products : hope-boot
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2022-43668

    Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product.... Read more

    Affected Products : typora
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 7.8

    HIGH
    CVE-2022-43667

    Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file.... Read more

    Affected Products : cx-programmer
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2022-43660

    Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected... Read more

    Affected Products : movable_type
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 8.8

    HIGH
    CVE-2022-3641

    Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account. ... Read more

    Affected Products : remote_desktop_manager
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 2.3

    LOW
    CVE-2025-2517

    Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.... Read more

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-3854

    A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Req... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Memory Corruption

  • 7.1

    HIGH
    CVE-2024-46899

    Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Ana... Read more

    Affected Products : ops_center_common_services
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authentication

  • 7.0

    HIGH
    CVE-2025-3519

    An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). In case a participant of this or anoth... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-23251

    NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.... Read more

    Affected Products :
    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection
Showing 20 of 293609 Results