Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-1360

    The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings.... Read more

    Affected Products : cnmaestro
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1359

    The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server... Read more

    Affected Products : cnmaestro
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1358

    The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database.... Read more

    Affected Products : cnmaestro
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1357

    The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger comm... Read more

    Affected Products : cnmaestro
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1356

    cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands.... Read more

    Affected Products : cnmaestro
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1355

    A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash tha... Read more

    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1354

    A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a ... Read more

    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-1353

    A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.... Read more

    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1352

    Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ... Read more

    Affected Products : gitlab
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-1351

    Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.... Read more

    Affected Products : pimcore
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1350

    A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remo... Read more

    Affected Products : ghostpcl
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1349

    The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any u... Read more

    Affected Products : wpqa_builder
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-1347

    Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation... Read more

    Affected Products : organizr
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-1346

    Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.... Read more

    Affected Products : organizr
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-1345

    Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.... Read more

    Affected Products : organizr
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-1344

    Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.... Read more

    Affected Products : organizr
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2022-1342

    A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to... Read more

    Affected Products : remote_desktop_manager
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1341

    An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c.... Read more

    Affected Products : bwm-ng
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2022-1340

    Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.... Read more

    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1339

    SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data... Read more

    Affected Products : pimcore
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294528 Results