Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2022-1352

    Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ... Read more

    Affected Products : gitlab
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-1351

    Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.... Read more

    Affected Products : pimcore
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1350

    A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remo... Read more

    Affected Products : ghostpcl
    • Published: Apr. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1349

    The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any u... Read more

    Affected Products : wpqa_builder
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-1347

    Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation... Read more

    Affected Products : organizr
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-1346

    Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.... Read more

    Affected Products : organizr
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-1345

    Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.... Read more

    Affected Products : organizr
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-1344

    Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.... Read more

    Affected Products : organizr
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2022-1342

    A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to... Read more

    Affected Products : remote_desktop_manager
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1341

    An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c.... Read more

    Affected Products : bwm-ng
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2022-1340

    Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.... Read more

    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1339

    SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data... Read more

    Affected Products : pimcore
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1338

    The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : easily_generate_rest_api
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1337

    The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1336

    The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed... Read more

    Affected Products : carousel_ck
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1335

    The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed... Read more

    Affected Products : slideshow_ck
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1334

    The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : wp_youtube_live
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1333

    Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests l... Read more

    Affected Products : playbooks
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1332

    One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file cont... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1331

    In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.... Read more

    Affected Products : dmars
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294850 Results