Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-44793

    handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.... Read more

    • EPSS Score: %1.96
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-44792

    handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Den... Read more

    • EPSS Score: %2.64
    • Published: Nov. 07, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43126

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43125

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43124

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.9

    MEDIUM
    CVE-2022-43086

    Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.... Read more

    • EPSS Score: %0.08
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.2

    HIGH
    CVE-2022-43085

    An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    • EPSS Score: %0.12
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-43084

    A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter.... Read more

    Affected Products : vehicle_booking_system
    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 6.1

    MEDIUM
    CVE-2022-43079

    A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.... Read more

    Affected Products : train_scheduler_app
    • EPSS Score: %0.11
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-43078

    A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-43076

    A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-42326

    Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it... Read more

    Affected Products : fedora debian_linux xen
    • EPSS Score: %0.03
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-41723

    A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.... Read more

    Affected Products : go hpack http2
    • EPSS Score: %0.23
    • Published: Feb. 28, 2023
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-40742

    Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system info... Read more

    Affected Products : mail_sqr_expert
    • EPSS Score: %0.26
    • Published: Oct. 31, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-3786

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an a... Read more

    Affected Products : fedora openssl node.js
    • EPSS Score: %22.05
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-3602

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for th... Read more

    • EPSS Score: %85.70
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 4.8

    MEDIUM
    CVE-2022-3469

    The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : wp_attachments
    • EPSS Score: %0.18
    • Published: Nov. 14, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-3373

    Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.47
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.5

    HIGH
    CVE-2022-3204

    A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. ... Read more

    Affected Products : fedora unbound
    • EPSS Score: %0.30
    • Published: Sep. 26, 2022
    • Modified: May. 05, 2025

  • 7.8

    HIGH
    CVE-2022-39189

    An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.... Read more

    • EPSS Score: %0.02
    • Published: Sep. 02, 2022
    • Modified: May. 05, 2025
Showing 20 of 291216 Results