Latest CVE Feed

Following is the list of latest published vulnerabilities.
  • 7.8

    HIGH
    CVE-2022-0883

    SLM is affected by a Windows unquoted/trusted service path security issue. All installations of version 9.x.x prior to 9.20.1 should be patched....

    Affected Products : windows snow_license_manager
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0882

    A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater....

    Affected Products : fuchsia
    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2022-0881

    Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1....

    Affected Products : peertube
    • Published: Mar. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2022-0880

    Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2....

    Affected Products : showdoc
    • Published: Mar. 12, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0879

    The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

    Affected Products : caldera_forms
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0878

    Electric Vehicles (EVs) commonly utilise the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE), CCS uses a high-bandwidth IP link provided...

    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2022-0877

    Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3....

    Affected Products : bookstack
    • Published: Mar. 08, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0876

    The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

    Affected Products : social_comments
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-0875

    The Google Authenticator WordPress plugin before 1.0.5 does not have a CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged-in admin change them and perform Cross-Site Scripting attacks...

    Affected Products : google_authenticator
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0874

    The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed....

    Affected Products : wp_social_buttons
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0873

    The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even...

    Affected Products : gmedia_gallery
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-0871

    Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5....

    Affected Products : gogs
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2022-0870

    Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5....

    Affected Products : gogs
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0869

    Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3....

    Affected Products : spirit
    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024
  • 8.0

    HIGH
    CVE-2022-0868

    Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10....

    Affected Products : uri.js urijs
    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0867

    The Pricing Table WordPress plugin before 3.6.1 fails to properly sanitize and escape user-supplied POST data before it is interpolated in an SQL statement and then executed via an AJAX action available to unauthenticated users...

    Affected Products : pricing_table
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2022-0866

    This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsId...

    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0865

    Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit 5e180045....

    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0864

    The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability....

    Affected Products : updraftplus
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2022-0863

    The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high-privileged user such as an admin to upload a ZIP file containing malicious PHP code, leading to remote code execution....

    Affected Products : wp_svg_icons
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294510 Results