Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2022-0713

    Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.... Read more

    Affected Products : fedora radare2
    • Published: Feb. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0712

    NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.... Read more

    Affected Products : fedora radare2
    • Published: Feb. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0711

    A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition... Read more

    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0710

    The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter.... Read more

    Affected Products : header_footer_code_manager
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0709

    The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data ... Read more

    Affected Products : booking_package
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0708

    Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one of the APIs, which allows authenticated team members to access this information resulting in sensitive & private information disclosure.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0705

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.... Read more

    Affected Products : pimcore
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0704

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.... Read more

    Affected Products : pimcore
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0703

    The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : gd-mylist
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0702

    The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : petfinder-listings
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0701

    The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : seo-301-meta
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0700

    The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : simple_tracking
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0697

    Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.... Read more

    Affected Products : archivy
    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2022-0696

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-0695

    Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.... Read more

    Affected Products : fedora radare2
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0694

    The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users... Read more

    Affected Products : advanced_booking_calendar
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0693

    The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to a... Read more

    Affected Products : master_elements
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0692

    Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.... Read more

    Affected Products : alltube alltube
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0691

    Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.... Read more

    Affected Products : url-parse
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0690

    Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294358 Results