Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2022-0851

    There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the act...

    Affected Products : enterprise_linux convert2rhel
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-0850

    A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace....

    Affected Products : linux_kernel
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2022-0849

    Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6....

    Affected Products : radare2
    • Published: Mar. 05, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-0848

    OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11....

    Affected Products : part-db
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0846

    The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users...

    Affected Products : speakout\!_email_petitions
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0845

    Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0....

    Affected Products : pytorch_lightning pytorch_lightning
    • Published: Mar. 05, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-0842

    A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges th...

    Affected Products : epolicy_orchestrator
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0841

    OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4....

    Affected Products : npm-lockfile
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0840

    The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfiltered_html capability is disallowed....

    Affected Products : easy_social_icons
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0839

    Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0....

    Affected Products : liquibase sqlcl
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 6.6

    MEDIUM
    CVE-2022-0838

    Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10....

    Affected Products : control_panel
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0837

    The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account b...

    Affected Products : amelia
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0836

    The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users...

    Affected Products : sema_api
    • Published: May 09, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2022-0835

    AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user....

    Affected Products : system_platform
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2022-0834

    The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Application/Controller/User/Customer/AddCustomerController.php file which allows attackers to inje...

    Affected Products : amelia amelia
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-0833

    The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requestin...

    Affected Products : church_admin
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-0832

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3....

    Affected Products : pimcore
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-0831

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3....

    Affected Products : pimcore
    • Published: Mar. 04, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0830

    The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete ...

    Affected Products : formbuilder
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2022-0829

    Improper Authorization in GitHub repository webmin/webmin prior to 1.990....

    Affected Products : webmin
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024