Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-45214

    A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.... Read more

    Affected Products : sanitization_management_system
    • EPSS Score: %0.11
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45151

    The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in con... Read more

    Affected Products : moodle fedora
    • EPSS Score: %0.19
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2022-45150

    A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary H... Read more

    Affected Products : moodle fedora
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-45149

    A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remot... Read more

    Affected Products : moodle fedora
    • EPSS Score: %0.19
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44789

    A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.... Read more

    Affected Products : fedora debian_linux mujs
    • EPSS Score: %4.16
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44400

    Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.... Read more

    Affected Products : purchase_order_management_system
    • EPSS Score: %0.33
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44399

    Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.... Read more

    Affected Products : poultry_farm_management_system
    • EPSS Score: %0.07
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-44284

    Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).... Read more

    Affected Products : dag2000-16o_firmware dag2000-16o
    • EPSS Score: %0.10
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44283

    AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.... Read more

    Affected Products : avs_audio_converter
    • EPSS Score: %0.09
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 6.5

    MEDIUM
    CVE-2022-44280

    Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.... Read more

    Affected Products : automotive_shop_management_system
    • EPSS Score: %0.07
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 7.2

    HIGH
    CVE-2022-44278

    Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.... Read more

    Affected Products : sanitization_management_system
    • EPSS Score: %0.09
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44260

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.... Read more

    Affected Products : lr350_firmware lr350
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44259

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.... Read more

    Affected Products : lr350_firmware lr350
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44258

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.... Read more

    Affected Products : lr350_firmware lr350
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44257

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter pppoeUser in the setOpModeCfg function.... Read more

    Affected Products : lr350_firmware lr350
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44256

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.... Read more

    Affected Products : nr1800x_firmware nr1800x
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-44255

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.... Read more

    Affected Products : lr350_firmware lr350
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44254

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter text in the setSmsCfg function.... Read more

    Affected Products : lr350_firmware lr350
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44253

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function.... Read more

    Affected Products : lr350_firmware lr350
    • EPSS Score: %0.21
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-44140

    Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.... Read more

    Affected Products : jizhicms
    • EPSS Score: %0.06
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
Showing 20 of 291878 Results