Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-1405

    CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition.... Read more

    Affected Products : cncsoft
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-1404

    Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.... Read more

    Affected Products : cncsoft
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1403

    ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition.... Read more

    Affected Products : asda_soft
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1402

    ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition.... Read more

    Affected Products : asda_soft
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1401

    Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB version... Read more

    Affected Products : cmdb
    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1400

    Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions ... Read more

    Affected Products : cmdb
    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1399

    An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42... Read more

    Affected Products : cmdb
    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1398

    The External Media without Import WordPress plugin through 1.1.2 does not have any authorisation and does to ensure that medias added via URLs are external medias, which could allow any authenticated users, such as subscriber to perform blind SSRF attacks... Read more

    Affected Products : external_media_without_import
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2022-1397

    API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.... Read more

    Affected Products : easyappointments
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1396

    The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed... Read more

    Affected Products : donorbox
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1395

    The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed... Read more

    Affected Products : easy_faq_with_expanding_text
    • Published: May. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1394

    The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed... Read more

    Affected Products : photo_gallery
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1393

    The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is n... Read more

    Affected Products : wp_subtitle
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1392

    The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues... Read more

    Affected Products : videos_sync_pdf
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1391

    The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.... Read more

    Affected Products : cab_fare_calculator
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1390

    The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte techni... Read more

    Affected Products : admin_word_count_column
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1389

    On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacke... Read more

    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1387

    The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed... Read more

    Affected Products : no_future_posts
    • Published: May. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1386

    The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This cou... Read more

    Affected Products : avada fusion_builder
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2022-1385

    Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channe... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294530 Results