Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-43256

    SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.

    Affected Products : seacms
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-44004

    An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password.

    Affected Products : backclick
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025
  • 9.8

    CRITICAL
    CVE-2022-36784

    Elsight – Elsight Halo Remote Code Execution (RCE). The Elsight Halo web panel allows us to perform connection validation. Through the POST request /api/v1/nics/wifi/wlan0/ping we can abuse the DESTINATION parameter and leverage it for remote code execution.

    Affected Products : halo_firmware halo
    • Published: Nov. 17, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-41155

    Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.

    Affected Products : iq_block_country
    • Published: Nov. 19, 2022
    • Modified: Feb. 20, 2025
  • 9.8

    CRITICAL
    CVE-2022-47035

    Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint.

    Affected Products : dir-825_firmware dir-825
    • Published: Jan. 31, 2023
    • Modified: Mar. 27, 2025
  • 9.8

    CRITICAL
    CVE-2022-41326

    The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the ...

    Affected Products : micollab
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-43215

    Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php.

    Affected Products : billing_system
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44191

    Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.

    Affected Products : r7000p_firmware r7000p
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44252

    TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44255

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2021-35284

    SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.

    Affected Products : cms-php
    • Published: Nov. 23, 2022
    • Modified: Apr. 28, 2025
  • 9.8

    CRITICAL
    CVE-2022-44120

    dedecmsv6 6.1.9 is vulnerable to SQL Injection via sys_sql_query.php.

    Affected Products : dedecmsv6
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-45872

    iTerm2 before 3.4.18 mishandles a DECRQSS response.

    Affected Products : iterm2
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-4088

    A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The at...

    Affected Products : stock_management_system
    • Published: Nov. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-45476

    Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.

    Affected Products : tiny_file_manager
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44843

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.

    Affected Products : a7100ru_firmware a7100ru
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44400

    Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.

    Affected Products : purchase_order_management_system
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-4232

    A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely.

    • Published: Nov. 30, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-43325

    An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.

    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025
  • 9.8

    CRITICAL
    CVE-2022-44945

    Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.

    Affected Products : rukovoditel
    • Published: Dec. 02, 2022
    • Modified: Apr. 24, 2025