Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2023-50718

    NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped `table_name`. This vulnerability may result in leakage of s...

    Affected Products : nocodb nocodb
    • Published: May. 14, 2024
    • Modified: Aug. 26, 2025
  • 9.1

    CRITICAL
    CVE-2022-2339

    With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read its contents. This attack can lead to a leak of sensitive information....

    Affected Products : nocodb nocodb
    • Published: Jul. 07, 2022
    • Modified: Aug. 26, 2025
  • 6.5

    MEDIUM
    CVE-2023-5104

    Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0....

    Affected Products : nocodb nocodb
    • Published: Sep. 21, 2023
    • Modified: Aug. 26, 2025
  • 7.3

    HIGH
    CVE-2022-3423

    Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0. ...

    Affected Products : nocodb nocodb
    • Published: Oct. 07, 2022
    • Modified: Aug. 26, 2025
  • 6.5

    MEDIUM
    CVE-2023-43794

    Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the g...

    Affected Products : nocodb nocodb
    • Published: Oct. 17, 2023
    • Modified: Aug. 26, 2025
  • 9.1

    CRITICAL
    CVE-2022-2064

    Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+....

    Affected Products : nocodb nocodb
    • Published: Jun. 13, 2022
    • Modified: Aug. 26, 2025
  • 8.0

    HIGH
    CVE-2022-22121

    In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint a...

    Affected Products : nocodb nocodb
    • Published: Jan. 10, 2022
    • Modified: Aug. 26, 2025
  • 9.1

    CRITICAL
    CVE-2022-2062

    Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+....

    Affected Products : nocodb nocodb
    • Published: Jun. 13, 2022
    • Modified: Aug. 26, 2025
  • 7.3

    HIGH
    CVE-2022-2079

    Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+....

    Affected Products : nocodb nocodb
    • Published: Jun. 14, 2022
    • Modified: Aug. 26, 2025
  • 5.3

    MEDIUM
    CVE-2022-22120

    In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the syst...

    Affected Products : nocodb nocodb
    • Published: Jan. 10, 2022
    • Modified: Aug. 26, 2025
  • 9.0

    CRITICAL
    CVE-2022-2022

    Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7....

    Affected Products : nocodb nocodb
    • Published: Jun. 07, 2022
    • Modified: Aug. 26, 2025
  • 9.0

    CRITICAL
    CVE-2022-2063

    Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+....

    Affected Products : nocodb nocodb
    • Published: Jun. 13, 2022
    • Modified: Aug. 26, 2025
  • 6.5

    MEDIUM
    CVE-2024-31208

    Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induc...

    Affected Products : fedora synapse
    • Published: Apr. 23, 2024
    • Modified: Aug. 26, 2025
  • 7.3

    HIGH
    CVE-2024-24910

    A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to ex...

    • Published: Apr. 18, 2024
    • Modified: Aug. 26, 2025
  • 8.8

    HIGH
    CVE-2025-1227

    A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to sql injection. The attack may be initiated remot...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 6.5

    MEDIUM
    CVE-2025-1225

    A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipul...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: XML External Entity
  • 8.8

    HIGH
    CVE-2025-1216

    A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql inje...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 9.8

    CRITICAL
    CVE-2025-1226

    A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The expl...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2025-1224

    A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated re...

    Affected Products : ywoa yimioa
    • Published: Feb. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Injection
  • 7.8

    HIGH
    CVE-2025-5199

    In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup....

    Affected Products : macos multipass
    • Published: Jul. 12, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization
Showing 20 of 293186 Results