Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-0904

    A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0903

    A call stack overflow bug in the SAML login feature in Mattermost server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted POST body.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0902

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), ... Read more

    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0901

    The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters... Read more

    Affected Products : ad_inserter
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0900

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS.This issue affects DivvyDrive: from unspecified before v.4.6.2.0.... Read more

    Affected Products : divvy_drive
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0899

    The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : header_footer_code_manager
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0898

    The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues... Read more

    Affected Products : igniteup
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0897

    A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently mod... Read more

    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0896

    Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 09, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0895

    Static Code Injection in GitHub repository microweber/microweber prior to 1.3.... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2022-0894

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.... Read more

    Affected Products : pimcore
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-0893

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.... Read more

    Affected Products : pimcore
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0892

    The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : export_all_urls
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0891

    A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential informa... Read more

    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0890

    NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-0889

    The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to reflected cross-site scripting due to missing sanitization of the files filename parameter found in the ~/includes/ajax/controllers/uploads.php file which can be used by unauthenti... Read more

    Affected Products : ninja_forms_file_uploads
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0888

    The Ninja Forms - File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthe... Read more

    Affected Products : ninja_forms_file_uploads
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-0887

    The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.... Read more

    Affected Products : easy_social_icons
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0885

    The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.... Read more

    Affected Products : member_hero
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0884

    The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : profile_builder
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294452 Results