Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2022-1771

    Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.

    Affected Products : vim
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-1770

    Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2.

    Affected Products : trudesk
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1769

    Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.

    Affected Products : fedora vim macos
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-1768

    The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthen...

    Affected Products : rsvpmaker
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1767

    Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.

    Affected Products : drawio
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1766

    Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will add the credentials used to access Anchore Enterprise API in the Software Bill of Materials (SBOM) generated by anchore...

    Affected Products : anchore anchorectl
    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1765

    The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules).

    Affected Products : hot_linked_image_cacher
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1764

    The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sa...

    Affected Products : wp-chgfontsize
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1763

    Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting ...

    Affected Products : static_page_extended
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1762

    The iQ Block Country WordPress plugin before 1.2.20 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers.

    Affected Products : iq_block_country
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-1761

    The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.

    Affected Products : peter\'s_collaboration_e-mails
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1759

    The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks...

    Affected Products : rb_internal_links
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1758

    The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when cust...

    Affected Products : genki_pre-publish_reminder
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1757

    The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it co...

    Affected Products : pagebar
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-1756

    The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable...

    Affected Products : newsletter
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 8.4

    HIGH
    CVE-2022-1754

    Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2.

    Affected Products : trudesk
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1753

    A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible t...

    Affected Products : wowonder
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    CRITICAL
    CVE-2022-1752

    Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.

    Affected Products : trudesk
    • Published: May. 21, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1748

    Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.

    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024
  • 8.7

    HIGH
    CVE-2022-1738

    Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an out-of-bounds read, which could allow an attacker to leak sensitive data from the process memory.

    Affected Products : d300win
    • Published: Oct. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294605 Results