Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-44019

    In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.... Read more

    Affected Products : total.js
    • EPSS Score: %2.32
    • Published: Oct. 30, 2022
    • Modified: May. 07, 2025

  • 6.5

    MEDIUM
    CVE-2022-43776

    The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.... Read more

    Affected Products : metabase
    • EPSS Score: %0.12
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43775

    The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.... Read more

    Affected Products : diaenergie
    • EPSS Score: %9.60
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43774

    The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.... Read more

    Affected Products : diaenergie
    • EPSS Score: %0.24
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-43766

    Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java... Read more

    Affected Products : iotdb
    • EPSS Score: %0.40
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 6.7

    MEDIUM
    CVE-2022-43750

    drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.06
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43286

    Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.... Read more

    Affected Products : njs
    • EPSS Score: %0.10
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-43285

    Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.... Read more

    Affected Products : njs
    • EPSS Score: %0.08
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.1

    HIGH
    CVE-2022-43280

    wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.... Read more

    Affected Products : wabt
    • EPSS Score: %0.04
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-43276

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.06
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-43275

    Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.09
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-43233

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.06
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 7.2

    HIGH
    CVE-2022-43232

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.06
    • Published: Oct. 28, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43003

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setRepeaterSecurity function.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43002

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep54_pskpwd parameter at /goform/form2WizardStep54.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43001

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the pskValue parameter in the setSecurity function.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-43000

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the wizardstep4_pskpwd parameter at /goform/form2WizardStep4.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 7.5

    HIGH
    CVE-2022-42999

    D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %2.25
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 9.8

    CRITICAL
    CVE-2022-42998

    D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow via the srcip parameter at /goform/form2IPQoSTcAdd.... Read more

    Affected Products : dir-816_firmware dir-816
    • EPSS Score: %0.38
    • Published: Oct. 26, 2022
    • Modified: May. 07, 2025

  • 5.4

    MEDIUM
    CVE-2022-42992

    Multiple stored cross-site scripting (XSS) vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields.... Read more

    Affected Products : train_scheduler_app
    • EPSS Score: %0.17
    • Published: Oct. 27, 2022
    • Modified: May. 07, 2025
Showing 20 of 291737 Results