Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 4.9

    MEDIUM
    CVE-2022-45535

    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.

    Affected Products : aerocms
    • Published: Nov. 22, 2022
    • Modified: Apr. 25, 2025
  • 4.9

    MEDIUM
    CVE-2022-45529

    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.

    Affected Products : aerocms
    • Published: Nov. 22, 2022
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2022-45331

    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.

    Affected Products : aerocms
    • Published: Nov. 22, 2022
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2022-45330

    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.

    Affected Products : aerocms
    • Published: Nov. 22, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44808

    A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can proces...

    Affected Products : dir-823g_firmware dir-823g
    • Published: Nov. 22, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44252

    TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44251

    TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44250

    TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44249

    TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.

    Affected Products : lr350_firmware lr350
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44139

    Apartment Visitor Management System v1.0 is vulnerable to SQL Injection via /avms/index.php.

    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 9.8

    CRITICAL
    CVE-2022-44120

    dedecmsv6 6.1.9 is vulnerable to SQL Injection via sys_sql_query.php.

    Affected Products : dedecmsv6
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 4.8

    MEDIUM
    CVE-2022-42985

    The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).

    Affected Products : scratch_login
    • Published: Nov. 17, 2022
    • Modified: Apr. 25, 2025
  • 7.2

    HIGH
    CVE-2022-39833

    FileCloud versions 20.2 and later allow remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.

    Affected Products : filecloud
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 6.3

    MEDIUM
    CVE-2022-38753

    This update resolves a multi-factor authentication bypass attack...

    Affected Products : netiq_advanced_authentication
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-38147

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).

    Affected Products : framework assets
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-38145

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 3) via remote attackers adding a JavaScript payload to a page's meta description and getting it executed in the versioned history compare view.

    Affected Products : silverstripe framework
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 7.5

    HIGH
    CVE-2022-37772

    Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessively verbose responses from the application. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised...

    Affected Products : maarch_rm
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-37430

    Silverstripe silverstripe/framework through 4.11 allows XSS via the href attribute of a link (issue 2 of 2).

    Affected Products : framework
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-37429

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via a JavaScript payload in the href attribute of a link, by splitting a javascript URL with white space characters.

    Affected Products : framework
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025
  • 5.4

    MEDIUM
    CVE-2022-37421

    Silverstripe silverstripe/cms through 4.11.0 allows XSS.

    Affected Products : silverstripe
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025