Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-1933

    The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting... Read more

    • Published: Jul. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1932

    The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct ca... Read more

    Affected Products : rezgo_online_booking
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1931

    Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.... Read more

    Affected Products : trudesk
    • Published: May. 31, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1930

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method... Read more

    Affected Products : eth-account
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1929

    An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method... Read more

    Affected Products : devcert
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1928

    Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.... Read more

    Affected Products : gitea
    • Published: May. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1927

    Buffer Over-read in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora vim macos
    • Published: May. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2022-1926

    Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3.... Read more

    Affected Products : trudesk
    • Published: May. 31, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1925

    DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux elemen... Read more

    Affected Products : debian_linux gstreamer gst-plugins-bad
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1924

    DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used,... Read more

    Affected Products : debian_linux gstreamer gst-plugins-bad
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1923

    DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc use... Read more

    Affected Products : debian_linux gstreamer gst-plugins-bad
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1922

    DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on th... Read more

    Affected Products : debian_linux gstreamer gst-plugins-bad
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1921

    Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.... Read more

    Affected Products : debian_linux gstreamer gst-plugins-bad
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1920

    Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.... Read more

    Affected Products : debian_linux gstreamer gst-plugins-bad
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1919

    Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1918

    The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : toolbar_to_share
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1916

    The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenti... Read more

    Affected Products : woot
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1915

    The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite)... Read more

    Affected Products : wp_zillow_review_slider
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1914

    The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and esc... Read more

    Affected Products : clean-contact
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1913

    The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sa... Read more

    Affected Products : add_post_url
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294695 Results