Latest CVE Feed
-
4.8
MEDIUM CVE-2022-1029
The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_...
- Published: Jun. 27, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2022-1028
The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-S...
Affected Products : wordpress_security
- Published: Jun. 27, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2022-1027
The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject JavaScript code into its settings, leading to stored Cross-Site Scripting that will only affect administrator use...
Affected Products : page_restriction
- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
8.6
HIGH CVE-2022-1026
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function....
Affected Products : net_viewer
- Published: Apr. 04, 2022
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2022-1025
All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level....
- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2022-1023
The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file...
Affected Products : podcast_importer_secondline
- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2022-1022
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.5.0....
Affected Products : chatwoot
- Published: Apr. 21, 2022
- Modified: Nov. 21, 2024
-
7.6
HIGH CVE-2022-1021
Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0....
Affected Products : chatwoot
- Published: Aug. 19, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1020
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does no...
Affected Products : woo_product_table
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2022-1019
Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a m...
Affected Products : webctrl_server
- Published: Apr. 19, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2022-1018
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a r...
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2022-1016
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, un...
- Published: Aug. 29, 2022
- Modified: Nov. 21, 2024
-
6.6
MEDIUM CVE-2022-1015
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue....
- Published: Apr. 29, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1014
The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability....
Affected Products : wp_contacts_manager
- Published: May. 23, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1013
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability....
Affected Products : personal_dictionary
- Published: May. 09, 2022
- Modified: Nov. 21, 2024
-
8.2
HIGH CVE-2022-1012
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem....
Affected Products : linux_kernel
- Published: Aug. 05, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2022-1011
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation....
Affected Products : linux_kernel enterprise_linux fedora debian_linux enterprise_linux_server_aus enterprise_linux_server_tus h410c_firmware enterprise_linux_eus h300s_firmware h500s_firmware +28 more products
- Published: Mar. 18, 2022
- Modified: Nov. 21, 2024
-
4.8
MEDIUM CVE-2022-1010
The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_ht...
Affected Products : login_using_wordpress_users
- Published: Jun. 27, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2022-1009
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be su...
Affected Products : smush_image_compression_and_optimization
- Published: May. 30, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2022-1008
The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed...
Affected Products : one_click_demo_import
- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024