Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2022-1953

    The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unli... Read more

    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1952

    The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenti... Read more

    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1951

    The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the ... Read more

    Affected Products : core_plugin_for_kitestudio_themes
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1950

    The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection... Read more

    Affected Products : youzify
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2022-1948

    An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.... Read more

    Affected Products : gitlab
    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1947

    Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3.... Read more

    Affected Products : trudesk
    • Published: May. 31, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1946

    The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue... Read more

    Affected Products : gallery
    • Published: Jul. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1945

    The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example in... Read more

    Affected Products : coming_soon_\&_maintenance_mode
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-1944

    When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminal... Read more

    Affected Products : gitlab
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1943

    A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially... Read more

    Affected Products : linux_kernel
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1942

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: May. 31, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1941

    A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.... Read more

    • Published: Sep. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2022-1940

    A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim'... Read more

    Affected Products : gitlab
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-1939

    The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to... Read more

    Affected Products : allow_svg_files
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1938

    The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the pl... Read more

    Affected Products : awin_data_feed
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1937

    The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : awin_data_feed
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1936

    Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token t... Read more

    Affected Products : gitlab
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1935

    Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token ... Read more

    Affected Products : gitlab
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1934

    Use After Free in GitHub repository mruby/mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: May. 31, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1933

    The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting... Read more

    • Published: Jul. 17, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294754 Results