Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2022-0890

    NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-0889

    The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenti... Read more

    Affected Products : ninja_forms_file_uploads
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0888

    The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthe... Read more

    Affected Products : ninja_forms_file_uploads
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-0887

    The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.... Read more

    Affected Products : easy_social_icons
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0885

    The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.... Read more

    Affected Products : member_hero
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0884

    The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : profile_builder
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0883

    SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched.... Read more

    Affected Products : windows snow_license_manager
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0882

    A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater.... Read more

    Affected Products : fuchsia
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2022-0881

    Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1.... Read more

    Affected Products : peertube
    • Published: Mar. 09, 2022
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2022-0880

    Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.... Read more

    Affected Products : showdoc
    • Published: Mar. 12, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0879

    The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : caldera_forms
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0878

    Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link provided... Read more

    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2022-0877

    Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.... Read more

    Affected Products : bookstack
    • Published: Mar. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0876

    The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : social_comments
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0875

    The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks... Read more

    Affected Products : google_authenticator
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0874

    The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : wp_social_buttons
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0873

    The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even... Read more

    Affected Products : gmedia_gallery
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-0871

    Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.... Read more

    Affected Products : gogs
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-0870

    Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.... Read more

    Affected Products : gogs
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0869

    Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.... Read more

    Affected Products : spirit
    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294359 Results