Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-45908

    In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.

    Affected Products : paddlepaddle
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-45907

    In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.

    Affected Products : pytorch
    • Published: Nov. 26, 2022
    • Modified: Apr. 25, 2025
  • 4.7

    MEDIUM
    CVE-2022-45887

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

    • Published: Nov. 25, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-45280

    A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

    Affected Products : eyoucms
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 8.8

    HIGH
    CVE-2022-45278

    Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.

    Affected Products : jizhicms
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-45276

    An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.

    Affected Products : yjcms
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 4.8

    MEDIUM
    CVE-2022-45221

    Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew...

    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 6.1

    MEDIUM
    CVE-2022-45214

    A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php.

    Affected Products : sanitization_management_system
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-45151

    The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in con...

    Affected Products : moodle fedora
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 6.1

    MEDIUM
    CVE-2022-45150

    A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary H...

    Affected Products : moodle fedora
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-45149

    A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remot...

    Affected Products : moodle fedora
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 8.8

    HIGH
    CVE-2022-44789

    A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

    Affected Products : fedora debian_linux mujs
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44400

    Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.

    Affected Products : purchase_order_management_system
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44399

    Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.

    Affected Products : poultry_farm_management_system
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-44284

    Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).

    Affected Products : dag2000-16o_firmware dag2000-16o
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44283

    AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.

    Affected Products : avs_audio_converter
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 6.5

    MEDIUM
    CVE-2022-44280

    Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.

    Affected Products : automotive_shop_management_system
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 7.2

    HIGH
    CVE-2022-44278

    Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.

    Affected Products : sanitization_management_system
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 8.8

    HIGH
    CVE-2022-44260

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 8.8

    HIGH
    CVE-2022-44259

    TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025