Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-1335

    The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed... Read more

    Affected Products : slideshow_ck
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1334

    The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : wp_youtube_live
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1333

    Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests l... Read more

    Affected Products : playbooks
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1332

    One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file cont... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1331

    In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.... Read more

    Affected Products : dmars
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-1330

    stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .... Read more

    Affected Products : fullpage
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1329

    The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site da... Read more

    Affected Products : website_builder
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1328

    Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line... Read more

    Affected Products : fedora debian_linux mutt
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1327

    The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : image_gallery
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1326

    The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : form_-_contact_form
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1325

    A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from di... Read more

    Affected Products : cimg
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1324

    The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : event_timeline
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1323

    The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST reque... Read more

    Affected Products : discy wpqa_builder
    • Published: Aug. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1322

    The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : coming_soon
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1321

    The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when... Read more

    Affected Products : google_authenticator
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1320

    The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : slider sliderby10web
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1319

    A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by C... Read more

    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2022-1318

    Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attack... Read more

    Affected Products : hills_comnav_firmware hills_comnav
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1316

    Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation ... Read more

    Affected Products : windows zerotierone
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1314

    Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294545 Results