Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-1387

    The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed... Read more

    Affected Products : no_future_posts
    • Published: May. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1386

    The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This cou... Read more

    Affected Products : avada fusion_builder
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2022-1385

    Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channe... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1384

    Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and an authorized user to install and exploit an old plugin version from the Marketplace which m... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1383

    Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or c... Read more

    Affected Products : radare2
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-1382

    NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.... Read more

    Affected Products : radare2
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1381

    global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution... Read more

    Affected Products : fedora vim macos
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1380

    Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.... Read more

    Affected Products : snipe-it
    • Published: Apr. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1379

    URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessi... Read more

    Affected Products : fedora plantuml
    • Published: May. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1378

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comma... Read more

    Affected Products : diaenergie
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1377

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comm... Read more

    Affected Products : diaenergie
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1376

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system ... Read more

    Affected Products : diaenergie
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1375

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system com... Read more

    Affected Products : diaenergie
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1374

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system comma... Read more

    Affected Products : diaenergie
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-1373

    The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore c... Read more

    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1372

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.... Read more

    Affected Products : diaenergie
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1371

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.... Read more

    Affected Products : diaenergie
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1370

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.... Read more

    Affected Products : diaenergie
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1369

    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.... Read more

    Affected Products : diaenergie
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1368

    The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by mo... Read more

    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294533 Results