Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-0431

    The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leading to Reflected Cross-Site Scripting... Read more

    Affected Products : insights_from_google_pagespeed
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-0430

    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.... Read more

    Affected Products : httpie
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0429

    The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vuln... Read more

    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0428

    The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : content_egg
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0427

    Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover... Read more

    Affected Products : gitlab
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0426

    The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (available to any authenticated user), leading to a Reflect... Read more

    Affected Products : product_feed_pro_for_woocommerce
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2022-0425

    A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery (SSRF) attacks.... Read more

    Affected Products : gitlab
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-0424

    The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users... Read more

    Affected Products : popup
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0423

    The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads i... Read more

    Affected Products : 3d_flipbook
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0422

    The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue... Read more

    Affected Products : white_label_cms
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-0420

    The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks... Read more

    Affected Products : registrationmagic
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2022-0419

    NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.... Read more

    Affected Products : fedora radare2
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0418

    The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed... Read more

    Affected Products : event_list
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2022-0417

    Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-0415

    Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.... Read more

    Affected Products : gogs
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0414

    Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2022-0413

    Use After Free in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim
    • Published: Jan. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0412

    The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooCommerce Wishlist Pro WordPress plugin before 1.40.1 do not sanitise and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint, allow... Read more

    Affected Products : ti_woocommerce_wishlist
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0411

    The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id parameter before using it in a SQL statement via a REST route of the plugin (accessible to any authenticated user), leading to a SQL injection... Read more

    Affected Products : asgaros_forum
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0410

    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection... Read more

    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294285 Results