Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-43351

    Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.... Read more

    Affected Products : sanitization_management_system
    • EPSS Score: %0.10
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43350

    Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry.... Read more

    Affected Products : sanitization_management_system
    • EPSS Score: %0.09
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-43319

    An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.... Read more

    Affected Products : simple_e-learning_system
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-43306

    The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1... Read more

    Affected Products : d8s-timer
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-43305

    The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm ... Read more

    Affected Products : d8s-python
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-43304

    The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1... Read more

    Affected Products : d8s-timer
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-43303

    The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0... Read more

    Affected Products : d8s-strings
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43052

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43051

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43050

    Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43049

    Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php.... Read more

    Affected Products : canteen_management_system
    • EPSS Score: %0.07
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-43046

    Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.... Read more

    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-42990

    Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.... Read more

    • EPSS Score: %0.07
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-42956

    The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.... Read more

    Affected Products : passwork
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-42955

    The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials.... Read more

    Affected Products : passwork
    • EPSS Score: %0.12
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 4.6

    MEDIUM
    CVE-2024-32206

    A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter.... Read more

    Affected Products : wuzhicms
    • Published: Apr. 19, 2024
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2024-27757

    flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."... Read more

    Affected Products : flusity
    • Published: Mar. 18, 2024
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2018-10391

    An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.24
    • Published: Apr. 26, 2018
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2018-18711

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's password via index.php?m=core&f=panel&v=edit_info.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.14
    • Published: Oct. 29, 2018
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2018-18712

    An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1.... Read more

    Affected Products : wuzhi_cms wuzhicms
    • EPSS Score: %0.14
    • Published: Oct. 29, 2018
    • Modified: May. 05, 2025
Showing 20 of 291255 Results