Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2022-1006

    The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks... Read more

    Affected Products : advanced_booking_calendar
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1005

    The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters... Read more

    Affected Products : wp_statistics
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1004

    Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.... Read more

    Affected Products : otrs
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2022-1003

    One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configura... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1002

    Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1001

    The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even ... Read more

    Affected Products : wp_downgrade
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-1000

    Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.... Read more

    Affected Products : tiny_file_manager
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2022-0999

    An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.... Read more

    Affected Products : mypro
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0998

    An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.... Read more

    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0997

    Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands bein... Read more

    Affected Products : deception network
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0996

    A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.... Read more

    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0995

    An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service ... Read more

    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0994

    The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : hummingbird
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0993

    The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon suc... Read more

    Affected Products : siteground_security
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2022-0991

    Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.... Read more

    Affected Products : admidio
    • Published: Mar. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-0990

    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.... Read more

    Affected Products : calibre-web calibre-web
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0989

    An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable do... Read more

    Affected Products : ns_watermark_for_woocommerce
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0988

    Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.... Read more

    Affected Products : diaenergie
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-0987

    A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.... Read more

    Affected Products : enterprise_linux packagekit
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0986

    Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.... Read more

    Affected Products : control_panel
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294533 Results