Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-1077

    A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initi... Read more

    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1076

    A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last N... Read more

    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1075

    A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Handler. The manipulation leads to persistent cross site ... Read more

    Affected Products : college_website_management_system
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1074

    A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection.... Read more

    Affected Products : flex-1085_firmware flex-1085
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1073

    A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely.... Read more

    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2022-1071

    User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: Mar. 26, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1069

    A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.... Read more

    • Published: Aug. 17, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1068

    Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.... Read more

    Affected Products : modbus_slave
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1067

    Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.... Read more

    Affected Products : patient_portal
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2022-1065

    A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 v... Read more

    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-1064

    SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.... Read more

    Affected Products : fork_cms
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1063

    The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the... Read more

    Affected Products : thank_me_later
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1062

    The th23 Social WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : th23_social
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1061

    Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.... Read more

    Affected Products : radare2
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-1058

    Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.... Read more

    Affected Products : gitea
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1057

    The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection... Read more

    Affected Products : pricing_deals_for_woocommerce
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1056

    Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.... Read more

    Affected Products : active_iq_unified_manager libtiff
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2022-1055

    A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5... Read more

    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1054

    The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve ... Read more

    Affected Products : rsvp_and_event_management
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1053

    Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to p... Read more

    Affected Products : fedora keylime
    • Published: May. 06, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294447 Results