Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2022-0862

    A lack of password change protection vulnerability in a deprecated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's pa...

    Affected Products : epolicy_orchestrator
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0861

    An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some acc...

    Affected Products : epolicy_orchestrator
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-0860

    Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

    Affected Products : fedora cobbler cobbler
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 6.7

    MEDIUM
    CVE-2022-0859

    McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server h...

    Affected Products : epolicy_orchestrator
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 4.7

    MEDIUM
    CVE-2022-0858

    A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully c...

    Affected Products : epolicy_orchestrator
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0857

    A reflected cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a c...

    Affected Products : epolicy_orchestrator
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0856

    libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service...

    Affected Products : fedora libcaca
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2022-0855

    Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4.

    Affected Products : whmcs
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0854

    A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0853

    A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client side when using UserTransaction repeatedly, and leads to an information leakage vulnerability.

    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0852

    There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ...

    Affected Products : enterprise_linux convert2rhel
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0851

    There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the act...

    Affected Products : enterprise_linux convert2rhel
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-0850

    A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace.

    Affected Products : linux_kernel
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2022-0849

    Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.

    Affected Products : radare2
    • Published: Mar. 05, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-0848

    OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.

    Affected Products : part-db
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0846

    The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users...

    Affected Products : speakout\!_email_petitions
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0845

    Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.

    Affected Products : pytorch_lightning pytorch_lightning
    • Published: Mar. 05, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-0842

    A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges th...

    Affected Products : epolicy_orchestrator
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0841

    OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.

    Affected Products : npm-lockfile
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0840

    The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary JavaScript even when the unfiltered_html capability is disallowed.

    Affected Products : easy_social_icons
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024