Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-45479

    PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...

    Affected Products : pc_keyboard_wifi\&bluetooth
    • Published: Dec. 05, 2022
    • Modified: Apr. 23, 2025
  • 5.3

    MEDIUM
    CVE-2022-45292

    User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.

    Affected Products : funkwhale
    • Published: Dec. 09, 2022
    • Modified: Apr. 23, 2025
  • 9.1

    CRITICAL
    CVE-2022-45290

    Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.

    Affected Products : kbase_doc
    • Published: Dec. 09, 2022
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2022-45275

    An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2022-45269

    A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.

    Affected Products : linx_sphere
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 3.5

    LOW
    CVE-2022-45228

    Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross-Site Request Forgery in the logout page.

    Affected Products : lg01_lora_firmware lg01_lora
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2022-45227

    The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https://10.10.20.74/lib/. This address has a backup file which can be downloaded without any authentication.

    Affected Products : lg01_lora_firmware lg01_lora
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-45145

    egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.

    Affected Products : chicken
    • Published: Dec. 10, 2022
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2022-45009

    Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

    Affected Products : online_leave_management_system
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 4.8

    MEDIUM
    CVE-2022-45008

    Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

    Affected Products : online_leave_management_system
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 8.1

    HIGH
    CVE-2022-44942

    Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.

    Affected Products : casdoor
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2022-44849

    A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add a Super Administrator account.

    Affected Products : metinfo
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 6.1

    MEDIUM
    CVE-2022-44637

    Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.

    Affected Products : redmine
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2022-44620

    Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 7.5

    HIGH
    CVE-2022-44608

    Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.

    Affected Products : cybozu_remote_service
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2022-44606

    OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 7.2

    HIGH
    CVE-2022-44393

    Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=.

    Affected Products : sanitization_management_system
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 8.8

    HIGH
    CVE-2022-44373

    A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution.

    Affected Products : tew-820ap_firmware tew-820ap
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 9.8

    CRITICAL
    CVE-2022-44371

    hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).

    Affected Products : hope-boot
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
  • 6.1

    MEDIUM
    CVE-2022-43668

    Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product.

    Affected Products : typora
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025
Showing 20 of 293617 Results