Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2022-43276

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.06
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-43275

    Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.09
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-43233

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.06
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-43232

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.06
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43003

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43002

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43001

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43000

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-42999

    D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %2.25
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-42998

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-42992

    Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.... Read more

    Affected Products : train_scheduler_app
    • EPSS Score: %0.17
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-42991

    A stored cross-site scripting (XSS) vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field.... Read more

    • EPSS Score: %0.17
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 8.1

    HIGH
    CVE-2022-42915

    curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. ... Read more

    • EPSS Score: %0.58
    • Published: Oct. 29, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-42468

    Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no prot... Read more

    Affected Products : flume
    • EPSS Score: %0.81
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2022-42055

    Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.... Read more

    Affected Products : goodcloud
    • EPSS Score: %0.97
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2022-40238

    A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is acces... Read more

    Affected Products : vince
    • EPSS Score: %2.22
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-3394

    The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the... Read more

    Affected Products : wp_all_export
    • EPSS Score: %0.52
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-3393

    The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection... Read more

    Affected Products : post_to_csv
    • EPSS Score: %3.66
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 4.8

    MEDIUM
    CVE-2022-3392

    The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ... Read more

    Affected Products : wp_humans.txt
    • EPSS Score: %0.71
    • Published: Oct. 25, 2022
    • Modified: May. 07, 2025

  • 8.8

    HIGH
    CVE-2022-38060

    A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.... Read more

    Affected Products : openstack kolla
    • EPSS Score: %0.02
    • Published: Dec. 21, 2022
    • Modified: May. 07, 2025
Showing 20 of 291401 Results