Latest CVE Feed
-
9.8
CRITICAL CVE-2022-1471
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing unt...
Affected Products : snakeyaml
- Published: Dec. 01, 2022
- Modified: Jun. 18, 2025
-
9.8
CRITICAL CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: ...
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products
- Actively Exploited
- Published: May. 05, 2022
- Modified: Apr. 02, 2025
-
9.8
CRITICAL CVE-2022-1286
heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
Affected Products : mruby
- Published: Apr. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1300
Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.
- Published: May. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1368
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by mo...
- Published: Sep. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1253
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.
Affected Products : libde265
- Published: Apr. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1360
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings.
Affected Products : cnmaestro
- Published: May. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1245
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could all...
- Published: Jul. 08, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1057
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...
Affected Products : pricing_deals_for_woocommerce
- Published: Jul. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1078
A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with the input ' and (select * from(s...
Affected Products : college_website_management_system
- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
- Actively Exploited
- Published: Mar. 25, 2022
- Modified: Mar. 13, 2025
-
9.8
CRITICAL CVE-2022-1080
A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can b...
Affected Products : one_church_management_system
- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1013
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.
Affected Products : personal_dictionary
- Published: May. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.
Affected Products : member_hero
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1014
The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.
Affected Products : wp_contacts_manager
- Published: May. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-0923
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute syst...
Affected Products : diaenergie
- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-0895
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1073
A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely.
Affected Products : automatic_question_paper_generator_system
- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-0836
The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...
Affected Products : sema_api
- Published: May. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-0826
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
Affected Products : wp-video-gallery-free
- Published: May. 09, 2022
- Modified: Nov. 21, 2024