Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.4

    MEDIUM
    CVE-2022-0216

    A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileg... Read more

    Affected Products : fedora qemu
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0215

    The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/c... Read more

    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0214

    The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog... Read more

    Affected Products : custom_popup_builder
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-0213

    vim is vulnerable to Heap-based Buffer Overflow... Read more

    Affected Products : debian_linux vim
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0212

    The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cro... Read more

    Affected Products : spidercalendar
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0211

    The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.... Read more

    Affected Products : shield_security
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0210

    The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrar... Read more

    Affected Products : random_banner
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0208

    The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting... Read more

    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2022-0207

    A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.... Read more

    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0206

    The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues... Read more

    Affected Products : newstatpress
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0205

    The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Scripting issue... Read more

    Affected Products : yop-poll yop_poll
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0204

    A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.... Read more

    Affected Products : fedora debian_linux bluez
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0203

    Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.... Read more

    Affected Products : crater
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0201

    The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue... Read more

    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0200

    Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a... Read more

    Affected Products : portfolio_post
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0199

    The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack... Read more

    Affected Products : coming_soon_and_maintenance_mode
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0198

    corenlp is vulnerable to Improper Restriction of XML External Entity Reference... Read more

    Affected Products : corenlp
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0197

    phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : fedora phoronix_test_suite
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0196

    phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)... Read more

    Affected Products : fedora phoronix_test_suite
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0194

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from th... Read more

    Affected Products : debian_linux netatalk
    • Published: Mar. 28, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294209 Results