Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-4768

    A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to inj... Read more

    Affected Products : merou
    • EPSS Score: %0.08
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4693

    The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is ... Read more

    Affected Products : user_verification
    • EPSS Score: %2.17
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 9.8

    CRITICAL
    CVE-2022-4739

    A vulnerability classified as critical was found in SourceCodester School Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation leads to sql injection. The attack can be ... Read more

    • EPSS Score: %0.04
    • Published: Dec. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4494

    A vulnerability, which was classified as critical, has been found in bspkrs MCPMappingViewer. Affected by this issue is the function extractZip of the file src/main/java/bspkrs/mmv/RemoteZipHandler.java of the component ZIP File Handler. The manipulation ... Read more

    Affected Products : mcp_mapping_viewer
    • EPSS Score: %0.08
    • Published: Dec. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4427

    Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Ed... Read more

    Affected Products : otrs
    • EPSS Score: %0.15
    • Published: Dec. 19, 2022
    • Modified: Feb. 13, 2025

  • 9.8

    CRITICAL
    CVE-2022-4594

    A vulnerability was found in drogatkin TJWS2. It has been declared as critical. Affected by this vulnerability is the function deployWar of the file 1.x/src/rogatkin/web/WarRoller.java. The manipulation leads to path traversal. The attack can be launched ... Read more

    Affected Products : tjws2
    • EPSS Score: %0.07
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4592

    A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of... Read more

    Affected Products : crmx
    • EPSS Score: %0.04
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4498

    In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd pro... Read more

    • EPSS Score: %0.17
    • Published: Jan. 11, 2023
    • Modified: Apr. 09, 2025

  • 9.8

    CRITICAL
    CVE-2022-4305

    The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.... Read more

    • EPSS Score: %88.99
    • Published: Jan. 23, 2023
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2022-4375

    A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been classified as critical. Affected is an unknown function of the file /cms/category/list. The manipulation of the argument sqlWhere leads to sql injection. It is possible to launch the atta... Read more

    Affected Products : mcms
    • EPSS Score: %46.10
    • Published: Dec. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4337

    An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.... Read more

    Affected Products : debian_linux openvswitch
    • EPSS Score: %0.38
    • Published: Jan. 10, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4314

    Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.... Read more

    Affected Products : rdiffweb
    • EPSS Score: %0.06
    • Published: Dec. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4248

    A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiat... Read more

    Affected Products : movie_ticket_booking_system
    • EPSS Score: %0.04
    • Published: Dec. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4257

    A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to ... Read more

    • EPSS Score: %4.16
    • Published: Dec. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4272

    A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. Th... Read more

    Affected Products : warehouse_management_system
    • EPSS Score: %0.07
    • Published: Dec. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4273

    A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipu... Read more

    Affected Products : human_resource_management_system
    • EPSS Score: %0.06
    • Published: Dec. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4221

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1... Read more

    Affected Products : nas-m25_firmware nas-m25
    • EPSS Score: %4.68
    • Published: Dec. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-4170

    The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.... Read more

    • EPSS Score: %1.97
    • Published: Dec. 09, 2022
    • Modified: Apr. 14, 2025

  • 9.8

    CRITICAL
    CVE-2022-4118

    The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated u... Read more

    • EPSS Score: %0.43
    • Published: May. 08, 2023
    • Modified: Jan. 31, 2025

  • 9.8

    CRITICAL
    CVE-2022-4012

    A vulnerability classified as critical has been found in Hospital Management Center. Affected is an unknown function of the file patient-info.php. The manipulation of the argument pt_id leads to sql injection. It is possible to launch the attack remotely.... Read more

    Affected Products : hospital_management_center
    • EPSS Score: %0.04
    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292727 Results