Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2022-0541

    The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value....

    Affected Products : flo-launch
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0540

    A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.2...

    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2022-0539

    Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14....

    Affected Products : beanstalk_console
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0538

    Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage....

    Affected Products : jenkins
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2022-0537

    The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to t...

    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2022-0536

    Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8. ...

    Affected Products : follow-redirects
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0535

    The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : e2pdf
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0534

    A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault)....

    Affected Products : debian_linux htmldoc
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0533

    The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability....

    Affected Products : ditty
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2022-0532

    An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kern...

    Affected Products : cri-o openshift_container_platform
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0531

    The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting...

    Affected Products : migration\,_backup\,_staging
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0530

    A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code executi...

    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-0529

    A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code executi...

    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0528

    Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1. ...

    Affected Products : uppy
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0527

    Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0....

    Affected Products : chatwoot
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2022-0526

    Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0....

    Affected Products : chatwoot
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2022-0525

    Out-of-bounds Read in Homebrew mruby prior to 3.2....

    Affected Products : mruby
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0524

    Business Logic Errors in GitHub repository publify/publify prior to 9.2.7....

    Affected Products : publify
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0523

    Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2....

    Affected Products : fedora radare2
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-0522

    Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2....

    Affected Products : fedora radare2
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294289 Results