Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-1919

    Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1918

    The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : toolbar_to_share
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1916

    The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenti... Read more

    Affected Products : woot
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1915

    The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite)... Read more

    Affected Products : wp_zillow_review_slider
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1914

    The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and esc... Read more

    Affected Products : clean-contact
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1913

    The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sa... Read more

    Affected Products : add_post_url
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1911

    Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.... Read more

    Affected Products : m-files_server
    • Published: Nov. 30, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1910

    The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting... Read more

    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-1909

    Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.... Read more

    Affected Products : organizr
    • Published: May. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-1908

    Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.... Read more

    Affected Products : libmobi
    • Published: May. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-1907

    Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.... Read more

    Affected Products : libmobi
    • Published: May. 27, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1906

    The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific ... Read more

    Affected Products : copyright_proof
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1905

    The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : events_made_easy
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1904

    The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Re... Read more

    Affected Products : easy_pricing_tables
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-1903

    The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary use... Read more

    Affected Products : armember
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1902

    A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can esca... Read more

    Affected Products : advanced_cluster_security
    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1901

    In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Aug. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1899

    Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.... Read more

    Affected Products : radare2
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1898

    Use After Free in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: May. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1897

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: May. 27, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294701 Results