Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-1904

    The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Re... Read more

    Affected Products : easy_pricing_tables
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-1903

    The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary use... Read more

    Affected Products : armember
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1902

    A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can esca... Read more

    Affected Products : advanced_cluster_security
    • Published: Sep. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1901

    In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Aug. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1899

    Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.... Read more

    Affected Products : radare2
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1898

    Use After Free in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: May. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1897

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: May. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1896

    The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_htm... Read more

    Affected Products : underconstruction
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1895

    The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack... Read more

    Affected Products : underconstruction
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1894

    The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed... Read more

    Affected Products : popup_builder
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1893

    Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.... Read more

    Affected Products : trudesk
    • Published: May. 31, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1892

    A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.... Read more

    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1891

    A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.... Read more

    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1890

    A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.... Read more

    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1889

    The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed... Read more

    Affected Products : newsletter
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1888

    Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code.... Read more

    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1886

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora vim
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1885

    The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : cimy_header_image_rotator
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-1883

    SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.... Read more

    Affected Products : terraboard
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1882

    A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escal... Read more

    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294728 Results