Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.9

    MEDIUM
    CVE-2022-1789

    With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference....

    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-1788

    Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files...

    Affected Products : change_uploaded_file_permissions
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1787

    The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisa...

    Affected Products : sideblog
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1786

    A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privil...

    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1785

    Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977....

    Affected Products : debian_linux vim
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1784

    Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8....

    Affected Products : drawio
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 4.0

    MEDIUM
    CVE-2022-1783

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add...

    Affected Products : gitlab
    • Published: Jun. 06, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2022-1782

    Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11....

    Affected Products : para
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1781

    The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also leads to Stored Cross-Site Scripting due to the lack ...

    Affected Products : posttabs
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1780

    The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the...

    Affected Products : latex
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2022-1779

    The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at...

    Affected Products : auto_delete_posts
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1778

    Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator a...

    Affected Products : microscada_x_sys600 sys600
    • Published: Sep. 14, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1777

    The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashb...

    Affected Products : filr
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1776

    The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-1775

    Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2....

    Affected Products : trudesk
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2022-1774

    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7....

    Affected Products : drawio
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-1773

    The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting...

    Affected Products : wp_athletics
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-1772

    The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to ...

    Affected Products : google_places_reviews
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-1771

    Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975....

    Affected Products : vim
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-1770

    Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2....

    Affected Products : trudesk
    • Published: May. 20, 2022
    • Modified: Nov. 21, 2024