Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2022-0768

    Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2.

    Affected Products : alltube alltube
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2022-0767

    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.

    Affected Products : calibre-web calibre-web
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0766

    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.

    Affected Products : calibre-web calibre-web
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-0765

    The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator...

    Affected Products : loco_translate
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2022-0764

    Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.

    Affected Products : strapi
    • Published: Feb. 26, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0763

    Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.

    Affected Products : microweber cockpit
    • Published: Feb. 26, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0762

    Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.

    Affected Products : microweber cockpit
    • Published: Feb. 26, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0760

    The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an una...

    Affected Products : simple_link_directory
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2022-0759

    A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up acce...

    Affected Products : kubeclient
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0758

    Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, prov...

    Affected Products : nexpose
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0757

    Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators ...

    Affected Products : nexpose
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0756

    Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

    Affected Products : suitecrm
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-0755

    Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.

    Affected Products : suitecrm
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-0754

    SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.

    Affected Products : suitecrm
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0753

    Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.

    Affected Products : control_panel
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0752

    Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.

    Affected Products : control_panel
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0751

    Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands...

    Affected Products : gitlab
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0749

    This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restricti...

    Affected Products : singoocms.utility
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0748

    The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.

    Affected Products : post-loader
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0747

    The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthen...

    Affected Products : infographic_maker
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294348 Results