Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-0638

    Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0636

    A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.... Read more

    Affected Products : thin_installer
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0635

    Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.... Read more

    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0634

    The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subscriber) to add an image from an external URL to an affiliate link. Further the... Read more

    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0633

    The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to ... Read more

    Affected Products : updraftplus
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0632

    NULL Pointer Dereference in Homebrew mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: Feb. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0631

    Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0630

    Out-of-bounds Read in Homebrew mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: Feb. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2022-0629

    Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0628

    The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : ap_mega_menu
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0627

    The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : amelia
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0626

    The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : advanced_admin_search
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0625

    The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : admin_menu_editor
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0624

    Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.... Read more

    Affected Products : parse-path
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-0623

    Out-of-bounds Read in Homebrew mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-0622

    Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.... Read more

    Affected Products : snipe-it
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0621

    The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : dtabs
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0620

    The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : delete_old_orders
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0619

    The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : database_peek
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0618

    A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame wher... Read more

    Affected Products : swiftnio_http\/2
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294330 Results