Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2023-46967

    Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.... Read more

    Affected Products : osticket
    • Published: Feb. 20, 2024
    • Modified: Apr. 25, 2025

  • 4.0

    MEDIUM
    CVE-2024-25260

    elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.... Read more

    Affected Products : elfutils
    • Published: Feb. 20, 2024
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2023-47422

    An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.... Read more

    • Published: Feb. 20, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-56431

    oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. NOTE: this is disputed by third parties because there is no evidence of a security impact, e.g., an application would not crash.... Read more

    Affected Products : libtheora theora
    • Published: Dec. 25, 2024
    • Modified: Apr. 25, 2025

  • 9.1

    CRITICAL
    CVE-2022-45909

    drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request.... Read more

    Affected Products : drachtio-server
    • EPSS Score: %0.15
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-45908

    In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.... Read more

    Affected Products : paddlepaddle
    • EPSS Score: %0.14
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-45907

    In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.... Read more

    Affected Products : pytorch
    • EPSS Score: %0.28
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025

  • 4.7

    MEDIUM
    CVE-2022-45887

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.... Read more

    • EPSS Score: %0.01
    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45280

    A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : eyoucms
    • EPSS Score: %0.08
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-45278

    Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.... Read more

    Affected Products : jizhicms
    • EPSS Score: %0.06
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-45276

    An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.... Read more

    Affected Products : yjcms
    • EPSS Score: %0.26
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-45221

    Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew... Read more

    • EPSS Score: %0.09
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2022-45214

    A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.... Read more

    Affected Products : sanitization_management_system
    • EPSS Score: %0.11
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45151

    The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in con... Read more

    Affected Products : moodle fedora
    • EPSS Score: %0.19
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2022-45150

    A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary H... Read more

    Affected Products : moodle fedora
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45149

    A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remot... Read more

    Affected Products : moodle fedora
    • EPSS Score: %0.19
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44789

    A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.... Read more

    Affected Products : fedora debian_linux mujs
    • EPSS Score: %4.16
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44400

    Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.... Read more

    Affected Products : purchase_order_management_system
    • EPSS Score: %0.33
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44399

    Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.... Read more

    Affected Products : poultry_farm_management_system
    • EPSS Score: %0.07
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-44284

    Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products : dag2000-16o_firmware dag2000-16o
    • EPSS Score: %0.10
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 291756 Results