Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-0701

    The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : seo-301-meta
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0700

    The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : simple_tracking
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0697

    Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.... Read more

    Affected Products : archivy
    • Published: Mar. 06, 2022
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2022-0696

    NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-0695

    Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.... Read more

    Affected Products : fedora radare2
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0694

    The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users... Read more

    Affected Products : advanced_booking_calendar
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0693

    The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to a... Read more

    Affected Products : master_elements
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0692

    Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.... Read more

    Affected Products : alltube alltube
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0691

    Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.... Read more

    Affected Products : url-parse
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0690

    Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-0689

    Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.4

    CRITICAL
    CVE-2022-0688

    Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 20, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0687

    The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom ... Read more

    Affected Products : amelia
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-0686

    Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.... Read more

    Affected Products : url-parse
    • Published: Feb. 20, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2022-0685

    Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: Feb. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0684

    The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : wp_home_page_menu
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0683

    The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrar... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0681

    The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack... Read more

    Affected Products : simple_membership
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0680

    The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site ... Read more

    Affected Products : plezi
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0679

    The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticate... Read more

    Affected Products : narnoo_distributor
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294505 Results