Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.3

    HIGH
    CVE-2022-1052

    Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6....

    Affected Products : radare2
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1051

    The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer, does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to...

    Affected Products : wpqa_builder
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1050

    A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition....

    Affected Products : qemu
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1049

    A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access cou...

    Affected Products : debian_linux pcs
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2022-1048

    A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to cra...

    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-1047

    The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability....

    Affected Products : post_type_builder_search_addon
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-1046

    The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : visual_form_builder
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    CRITICAL
    CVE-2022-1045

    Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0....

    Affected Products : trudesk
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 8.2

    HIGH
    CVE-2022-1044

    Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1....

    Affected Products : trudesk
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1043

    A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges....

    Affected Products : linux_kernel
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1042

    In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning....

    Affected Products : zephyr
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1041

    In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning....

    Affected Products : zephyr
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-1039

    The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by defaul...

    Affected Products : da50n_firmware da50n
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2022-1037

    The EXMAGE WordPress plugin before 1.0.7 does not ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs...

    Affected Products : exmage
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1036

    Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12....

    Affected Products : microweber cockpit
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-1035

    Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV....

    Affected Products : gpac
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-1034

    There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4....

    Affected Products : showdoc
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1033

    Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6....

    Affected Products : crater
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2022-1032

    Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6....

    Affected Products : crater
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1031

    Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6....

    Affected Products : radare2
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294447 Results