Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-0450

    The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the se... Read more

    Affected Products : menu_image\,_icons_made_easy
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0449

    The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : flexi
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0448

    The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.... Read more

    Affected Products : cp_blocks
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2022-0447

    The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading t... Read more

    Affected Products : post_grid
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0446

    The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : simple_banner
    • Published: Aug. 22, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0445

    The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack... Read more

    Affected Products : wordpress_real_cookie_banner
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0444

    The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new bac... Read more

    Affected Products : xcloner
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2022-0443

    Use After Free in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0442

    The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.... Read more

    Affected Products : userswp
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0441

    The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin... Read more

    Affected Products : masterstudy_lms
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-0440

    The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie DISALLOW_UNFILTERED... Read more

    Affected Products : catch_themes_demo_import
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0439

    The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subs... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0437

    Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.... Read more

    Affected Products : karma
    • Published: Feb. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0436

    Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.... Read more

    Affected Products : grunt
    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2022-0435

    A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the sy... Read more

    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0434

    The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attacker... Read more

    Affected Products : page_view_count
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0433

    A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prio... Read more

    Affected Products : linux_kernel fedora
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2022-0432

    Prototype Pollution in GitHub repository mastodon/mastodon prior to 3.5.0.... Read more

    Affected Products : mastodon
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0431

    The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting... Read more

    Affected Products : insights_from_google_pagespeed
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-0430

    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.... Read more

    Affected Products : httpie
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294283 Results