Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2022-44858

    Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.07
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44844

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %1.39
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44843

    TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.... Read more

    Affected Products : a7100ru_firmware a7100ru
    • EPSS Score: %1.39
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 7.8

    HIGH
    CVE-2022-44725

    OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).... Read more

    • EPSS Score: %0.05
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 7.5

    HIGH
    CVE-2022-44411

    Web Based Quiz System v1.0 transmits user passwords in plaintext during the authentication process, allowing attackers to obtain users' passwords via a bruteforce attack.... Read more

    Affected Products : web_based_quiz_system
    • EPSS Score: %0.06
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44403

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.07
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 7.2

    HIGH
    CVE-2022-44402

    Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.07
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 8.8

    HIGH
    CVE-2022-44384

    An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.... Read more

    Affected Products : rconfig
    • EPSS Score: %0.06
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44262

    ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).... Read more

    Affected Products : ff4j
    • EPSS Score: %2.45
    • Published: Dec. 01, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-44001

    An issue was discovered in BACKCLICK Professional 5.9.63. User authentication for accessing the CORBA back-end services can be bypassed.... Read more

    Affected Products : backclick
    • EPSS Score: %0.02
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 8.2

    HIGH
    CVE-2022-43984

    Browsershot version 3.57.3 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the JS content imported from an external source passed to the Browsershot::html method does no... Read more

    Affected Products : browsershot
    • EPSS Score: %0.14
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 8.2

    HIGH
    CVE-2022-43983

    Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the fi... Read more

    Affected Products : browsershot
    • EPSS Score: %0.14
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-43708

    MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name... Read more

    Affected Products : mybb
    • EPSS Score: %0.11
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-43707

    MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) allows remote attackers to inject HTML via user input or stored data... Read more

    Affected Products : mybb
    • EPSS Score: %0.10
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 6.1

    MEDIUM
    CVE-2022-43332

    A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel.... Read more

    Affected Products : wondercms
    • EPSS Score: %0.24
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-42097

    Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .... Read more

    Affected Products : backdrop
    • EPSS Score: %0.39
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 4.8

    MEDIUM
    CVE-2022-42094

    Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.... Read more

    Affected Products : backdrop
    • EPSS Score: %17.37
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025

  • 6.5

    MEDIUM
    CVE-2022-41712

    Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter.... Read more

    Affected Products : frappe
    • EPSS Score: %0.11
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 8.2

    HIGH
    CVE-2022-41706

    Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.... Read more

    Affected Products : browsershot
    • EPSS Score: %0.14
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 9.8

    CRITICAL
    CVE-2022-41705

    Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.... Read more

    Affected Products : badaso
    • EPSS Score: %2.63
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 291269 Results