Latest CVE Feed
-
5.4
MEDIUM CVE-2022-44949
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML ...
Affected Products : rukovoditel
- Published: Dec. 02, 2022
- Modified: Apr. 24, 2025
-
5.4
MEDIUM CVE-2022-44948
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at /index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a c...
Affected Products : rukovoditel
- Published: Dec. 02, 2022
- Modified: Apr. 24, 2025
-
5.4
MEDIUM CVE-2022-44947
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or...
Affected Products : rukovoditel
- Published: Dec. 02, 2022
- Modified: Apr. 24, 2025
-
5.4
MEDIUM CVE-2022-44946
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via ...
Affected Products : rukovoditel
- Published: Dec. 02, 2022
- Modified: Apr. 24, 2025
-
9.8
CRITICAL CVE-2022-44945
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.
Affected Products : rukovoditel
- Published: Dec. 02, 2022
- Modified: Apr. 24, 2025
-
9.8
CRITICAL CVE-2022-44039
Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of "fopen...
Affected Products : colibri_firmware
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
7.5
HIGH CVE-2022-44009
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information.
Affected Products : stackstorm
- Published: Dec. 06, 2022
- Modified: Apr. 24, 2025
-
5.4
MEDIUM CVE-2022-43706
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.
Affected Products : stackstorm
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
6.1
MEDIUM CVE-2022-43556
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to XSS in the text input field since the result dashboard page output is not sanitized. The Concrete CMS security team has ranked this 4.2 with CVSS v3.1 vector AV:N/...
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
8.8
HIGH CVE-2022-43553
A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later.
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
9.8
CRITICAL CVE-2022-43549
Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 allows attackers to bypass authentication mechanisms.
Affected Products : veeam_backup_for_google_cloud
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
8.1
HIGH CVE-2022-43548
An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before mak...
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
5.3
MEDIUM CVE-2022-43504
Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patche...
Affected Products : wordpress
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
6.1
MEDIUM CVE-2022-43500
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Affected Products : wordpress
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
5.4
MEDIUM CVE-2022-43499
Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
Affected Products : shirasagi
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
6.1
MEDIUM CVE-2022-43497
Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7.
Affected Products : wordpress
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
6.1
MEDIUM CVE-2022-43487
Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script.
Affected Products : salon_booking_system
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
7.8
HIGH CVE-2022-43484
TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vul...
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
4.8
MEDIUM CVE-2022-3909
The Add Comments WordPress plugin through 1.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
Affected Products : add_comments
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
4.8
MEDIUM CVE-2022-3892
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ...
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025