Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2022-0667

    When the vulnerability is triggered the BIND process will exit. BIND 9.18.0...

    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024
  • 7.6

    HIGH
    CVE-2022-0666

    CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11....

    Affected Products : microweber cockpit
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0665

    Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2....

    Affected Products : pimcore
    • Published: Feb. 22, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0664

    Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1....

    Affected Products : netmaker
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0663

    The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html c...

    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0662

    The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : adrotate
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2022-0661

    The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to...

    Affected Products : ad_injection
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 9.4

    CRITICAL
    CVE-2022-0660

    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11....

    Affected Products : microweber cockpit
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0659

    The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : sync_qcloud_cos
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0658

    The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthentica...

    Affected Products : commonsbooking
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0657

    The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete_leads AJAX action, available to unauthenticated users,...

    Affected Products : 5_stars_rating_funnel
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0656

    The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function an...

    Affected Products : web_to_print_shop\
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2022-0654

    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0....

    Affected Products : node-request-retry
    • Published: Feb. 23, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0653

    The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows atta...

    Affected Products : profile_builder
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0652

    Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710....

    Affected Products : unified_threat_management
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0651

    The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication ...

    Affected Products : wp_statistics
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024
  • 8.0

    HIGH
    CVE-2022-0650

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists...

    Affected Products : tl-wr940n_firmware tl-wr940n
    • Published: Mar. 28, 2023
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0649

    The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : adrotate
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0648

    The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting....

    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0647

    The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting....

    Affected Products : bulk_creator
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294337 Results