Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2022-45013

    A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.

    Affected Products : wbce_cms
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 4.8

    MEDIUM
    CVE-2022-45012

    A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.

    Affected Products : wbce_cms
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 7.8

    HIGH
    CVE-2022-44830

    Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file.

    Affected Products : event_registration_application
    • EPSS Score: %1.90
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2022-44788

    An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login.

    Affected Products : appalti_\&_contratti
    • EPSS Score: %0.11
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 6.1

    MEDIUM
    CVE-2022-44787

    An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victi...

    Affected Products : appalti_\&_contratti
    • EPSS Score: %0.11
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-44786

    An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each applic...

    Affected Products : appalti_\&_contratti
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-44785

    An issue was discovered in Appalti & Contratti 9.12.2. The target web applications are subject to multiple SQL Injection vulnerabilities, some of which are executable even by unauthenticated users, as demonstrated by the GetListaEnti.do cfamm parameter.

    Affected Products : appalti_\&_contratti
    • EPSS Score: %0.18
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 8.8

    HIGH
    CVE-2022-44784

    An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Loca...

    Affected Products : appalti_\&_contratti
    • EPSS Score: %0.28
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 5.5

    MEDIUM
    CVE-2022-44647

    An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privil...

    Affected Products : windows apex_one
    • EPSS Score: %0.06
    • Published: Dec. 12, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-44168

    Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.

    Affected Products : ac15_firmware ac15
    • EPSS Score: %0.10
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-44167

    Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetPPTPServer.

    Affected Products : ac15_firmware ac15
    • EPSS Score: %0.10
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 7.5

    HIGH
    CVE-2022-44163

    Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

    Affected Products : ac21_firmware ac21
    • EPSS Score: %0.10
    • Published: Nov. 21, 2022
    • Modified: Apr. 29, 2025
  • 6.7

    MEDIUM
    CVE-2022-43192

    An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886.

    Affected Products : dedecms
    • EPSS Score: %0.03
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 8.8

    HIGH
    CVE-2022-43183

    XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.

    Affected Products : xxl-job
    • EPSS Score: %19.93
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 6.5

    MEDIUM
    CVE-2022-43171

    A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.

    Affected Products : lief
    • EPSS Score: %0.15
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 7.2

    HIGH
    CVE-2022-43163

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php.

    • EPSS Score: %0.09
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 7.2

    HIGH
    CVE-2022-43162

    Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/view_test.php.

    • EPSS Score: %0.09
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 6.1

    MEDIUM
    CVE-2022-43142

    A cross-site scripting (XSS) vulnerability in the add-fee.php component of Password Storage Application v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.

    Affected Products : password_storage_application
    • EPSS Score: %0.15
    • Published: Nov. 17, 2022
    • Modified: Apr. 29, 2025
  • 9.8

    CRITICAL
    CVE-2022-41326

    The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the ...

    Affected Products : micollab
    • EPSS Score: %3.00
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
  • 7.8

    HIGH
    CVE-2022-41131

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to...

    • EPSS Score: %0.19
    • Published: Nov. 22, 2022
    • Modified: Apr. 29, 2025
Showing 20 of 291312 Results