Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-43949

    MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server....

    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Injection
  • 5.5

    MEDIUM
    CVE-2025-27087

    A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack....

    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Denial of Service
  • 5.4

    MEDIUM
    CVE-2024-53568

    A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter....

    • Published: Apr. 22, 2025
    • Modified: Apr. 23, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2022-45758

    SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzhao.sens.web.controller.admin, getRegister....

    Affected Products : sens
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-45479

    PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...

    Affected Products : pc_keyboard_wifi\&bluetooth
    • Published: Dec. 05, 2022
    • Modified: Apr. 23, 2025
  • 5.3

    MEDIUM
    CVE-2022-45292

    User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted....

    Affected Products : funkwhale
    • Published: Dec. 09, 2022
    • Modified: Apr. 23, 2025
  • 9.1

    CRITICAL
    CVE-2022-45290

    Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java....

    Affected Products : kbase_doc
    • Published: Dec. 09, 2022
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2022-45275

    An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file....

    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2022-45269

    A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files....

    Affected Products : linx_sphere
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 3.5

    LOW
    CVE-2022-45228

    Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page....

    Affected Products : lg01_lora_firmware lg01_lora
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2022-45227

    The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication....

    Affected Products : lg01_lora_firmware lg01_lora
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-45145

    egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file....

    Affected Products : chicken
    • Published: Dec. 10, 2022
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2022-45009

    Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file....

    Affected Products : online_leave_management_system
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2022-45008

    Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

    Affected Products : online_leave_management_system
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 8.1

    HIGH
    CVE-2022-44942

    Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function....

    Affected Products : casdoor
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2022-44849

    A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account....

    Affected Products : metinfo
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 6.1

    MEDIUM
    CVE-2022-44637

    Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user....

    Affected Products : redmine
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2022-44620

    Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings....

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2022-44608

    Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition....

    Affected Products : cybozu_remote_service
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2022-44606

    OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings....

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
Showing 20 of 293641 Results