Latest CVE Feed
- 7.2 HIGH CVE-2022-1800
  The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.
  - Affected Products: export_any_wordpress_data_to_xml\/csv
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-1799
  Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.
  - Affected Products: google_play_services_software_development_kit
  - Published: Jul. 29, 2022
  - Modified: Nov. 21, 2024
- 8.7 HIGH CVE-2022-1798
  A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 1...
  - Affected Products: kubevirt
  - Published: Sep. 15, 2022
  - Modified: Nov. 21, 2024
- 8.6 HIGH CVE-2022-1797
  A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user w...
  - Affected Products: compactlogix_5380_firmware controllogix_5580_firmware compact_guardlogix_5380_firmware compactlogix_5480_firmware guardlogix_5580_firmware compactlogix_5370_firmware compact_guardlogix_5370_firmware controllogix_5570_firmware guardlogix_5570_firmware compactlogix_5380 +8 more products
  - Published: Jun. 02, 2022
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2022-1796
  Use After Free in GitHub repository vim/vim prior to 8.2.4979.
  - Affected Products: vim
  - Published: May. 19, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-1795
  Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.
  - Affected Products: gpac
  - Published: May. 18, 2022
  - Modified: Nov. 21, 2024
- 5.5 MEDIUM CVE-2022-1794
  The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.
  - Published: Jul. 11, 2022
  - Modified: Nov. 21, 2024
- 4.3 MEDIUM CVE-2022-1793
  The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public...
  - Affected Products: private_files
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-1792
  The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation ...
  - Affected Products: quick_subscribe
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024
- 8.1 HIGH CVE-2022-1791
  The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available up...
  - Affected Products: one_click_plugin_updater
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2022-1790
  The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
  - Affected Products: new_user_email_set_up
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024
- 6.9 MEDIUM CVE-2022-1789
  With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.
  - Published: Jun. 02, 2022
  - Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2022-1788
  Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files...
  - Affected Products: change_uploaded_file_permissions
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-1787
  The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisa...
  - Affected Products: sideblog
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2022-1786
  A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privil...
  - Affected Products: linux_kernel h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s h500s h700s +1 more products
  - Published: Jun. 02, 2022
  - Modified: Nov. 21, 2024
- 7.8 HIGH
  - Published: May. 19, 2022
  - Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2022-1784
  Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
  - Affected Products: drawio
  - Published: May. 20, 2022
  - Modified: Nov. 21, 2024
- 4.0 MEDIUM CVE-2022-1783
  An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add...
  - Affected Products: gitlab
  - Published: Jun. 06, 2022
  - Modified: Nov. 21, 2024
- 9.4 CRITICAL CVE-2022-1782
  Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11.
  - Affected Products: para
  - Published: May. 18, 2022
  - Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2022-1781
  The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack ...
  - Affected Products: posttabs
  - Published: Jun. 13, 2022
  - Modified: Nov. 21, 2024