Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-1046

    The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : visual_form_builder
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-1045

    Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.... Read more

    Affected Products : trudesk
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2022-1044

    Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.... Read more

    Affected Products : trudesk
    • Published: May. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1043

    A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1042

    In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.... Read more

    Affected Products : zephyr
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1041

    In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerability can be triggered during provisioning.... Read more

    Affected Products : zephyr
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-1039

    The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by defaul... Read more

    Affected Products : da50n_firmware da50n
    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-1037

    The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs... Read more

    Affected Products : exmage
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1036

    Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1035

    Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.... Read more

    Affected Products : gpac
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-1034

    There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.... Read more

    Affected Products : showdoc
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1033

    Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.... Read more

    Affected Products : crater
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-1032

    Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.... Read more

    Affected Products : crater
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1031

    Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.... Read more

    Affected Products : radare2
    • Published: Mar. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2022-1030

    Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target ho... Read more

    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1029

    The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_... Read more

    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1028

    The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-S... Read more

    Affected Products : wordpress_security
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1027

    The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross-Site Scripting that will only affect administrator use... Read more

    Affected Products : page_restriction
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2022-1026

    Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.... Read more

    Affected Products : net_viewer
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2022-1025

    All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.... Read more

    Affected Products : argo-cd argo_cd
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294713 Results