Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-43692

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS - user can cause an administrator to trigger reflected XSS with a url if the targeted administrator is using an old browser that lacks XSS protection... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.56
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-43691

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information (secrets in environment variables and server information) when Debug Mode is left on in production.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.16
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.3

    MEDIUM
    CVE-2022-43690

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 did not use strict comparison for the legacy_salt so that limited authentication bypass could occur if using this functionality. Remediate by updating to Concrete CMS 9.1.3+ or 8.5... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.17
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 5.3

    MEDIUM
    CVE-2022-43689

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XXE based DNS requests leading to IP disclosure.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.26
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-43687

    Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.35
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-43686

    In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2, the authTypeConcreteCookieMap table can be filled up causing a denial of service (high load).... Read more

    Affected Products : concrete_cms concrete5
    • EPSS Score: %0.25
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-43342

    A stored cross-site scripting (XSS) vulnerability in the Add function of Eramba GRC Software c2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the KPI Title text field.... Read more

    Affected Products : eramba
    • EPSS Score: %0.64
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2022-43323

    EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.... Read more

    Affected Products : eyoucms
    • EPSS Score: %0.14
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-43264

    Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request.... Read more

    Affected Products : guitar_pro
    • EPSS Score: %0.17
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-43263

    A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the name of an uploaded file.... Read more

    Affected Products : guitar_pro
    • EPSS Score: %0.11
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-43256

    SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.... Read more

    Affected Products : seacms
    • EPSS Score: %0.08
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-43234

    An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : hoosk
    • EPSS Score: %0.12
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-43135

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php.... Read more

    • EPSS Score: %0.08
    • Published: Nov. 16, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-42960

    EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 allows DOM XSS due to improper validation of message events to accessibility.js.... Read more

    Affected Products : equalweb_accessibility_widget
    • EPSS Score: %0.15
    • Published: Nov. 17, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-40309

    Users with write permissions to a repository can delete arbitrary directories.... Read more

    Affected Products : archiva
    • EPSS Score: %0.21
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-40308

    If anonymous read enabled, it's possible to read the database file directly without logging in.... Read more

    Affected Products : archiva
    • EPSS Score: %0.27
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.1

    HIGH
    CVE-2022-3763

    The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout... Read more

    Affected Products : booster_for_woocommerce
    • EPSS Score: %0.21
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-3762

    The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ... Read more

    Affected Products : booster_for_woocommerce
    • EPSS Score: %0.38
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 4.8

    MEDIUM
    CVE-2022-3753

    The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : evaluate
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 4.7

    MEDIUM
    CVE-2022-3750

    The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.... Read more

    Affected Products : ask_me
    • EPSS Score: %0.14
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 291132 Results