Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2023-0129

    Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium s... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.12
    • Published: Jan. 10, 2023
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2023-0128

    Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security se... Read more

    Affected Products : chrome chrome_os
    • EPSS Score: %0.48
    • Published: Jan. 10, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2023-0078

    The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users... Read more

    Affected Products : resume_builder
    • EPSS Score: %0.10
    • Published: Mar. 06, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-4750

    The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contribut... Read more

    • EPSS Score: %0.10
    • Published: Feb. 21, 2023
    • Modified: May. 05, 2025

  • 5.4

    MEDIUM
    CVE-2022-4714

    The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack... Read more

    Affected Products : wp_dark_mode
    • EPSS Score: %0.16
    • Published: Feb. 21, 2023
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-4450

    The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointer... Read more

    • EPSS Score: %0.12
    • Published: Feb. 08, 2023
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-4415

    A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.... Read more

    Affected Products : systemd
    • EPSS Score: %0.03
    • Published: Jan. 11, 2023
    • Modified: May. 05, 2025

  • 7.3

    HIGH
    CVE-2022-46908

    SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.... Read more

    Affected Products : sqlite
    • EPSS Score: %0.09
    • Published: Dec. 12, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-44793

    handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.... Read more

    • EPSS Score: %1.96
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-44792

    handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Den... Read more

    • EPSS Score: %2.64
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43126

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43125

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43124

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.9

    MEDIUM
    CVE-2022-43086

    Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.... Read more

    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43085

    An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    • EPSS Score: %0.12
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-43084

    A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter.... Read more

    Affected Products : vehicle_booking_system
    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-43079

    A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.... Read more

    Affected Products : train_scheduler_app
    • EPSS Score: %0.11
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-43078

    A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-43076

    A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-42326

    Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.03
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025
Showing 20 of 291205 Results