Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2022-1261

    Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-l... Read more

    Affected Products : matrikon_opc_server
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1259

    A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.... Read more

    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2022-1258

    A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execut... Read more

    Affected Products : agent
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1257

    Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database... Read more

    Affected Products : agent
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1256

    A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory w... Read more

    Affected Products : agent
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1255

    The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues... Read more

    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1254

    A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicio... Read more

    Affected Products : web_gateway
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1253

    Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.... Read more

    Affected Products : libde265
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1252

    Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an a... Read more

    Affected Products : gnuboard5 gnuboard
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1251

    The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.... Read more

    Affected Products : ask_me
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1250

    The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue... Read more

    Affected Products : lifterlms
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-1249

    A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daem... Read more

    Affected Products : pesign
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1248

    A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web a... Read more

    Affected Products : sap_information_system
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2022-1247

    An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls ... Read more

    Affected Products : linux_kernel enterprise_linux fedora
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1245

    A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could all... Read more

    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1244

    heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.... Read more

    Affected Products : radare2
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-1243

    CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.... Read more

    Affected Products : uri.js urijs
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1241

    The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues... Read more

    Affected Products : ask_me ask_me
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1240

    Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very li... Read more

    Affected Products : radare2
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1239

    The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks... Read more

    Affected Products : hubspot
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294538 Results