Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-0169

    The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users)... Read more

    Affected Products : photo_gallery
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2022-0168

    A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0167

    An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields... Read more

    Affected Products : gitlab
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0166

    A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created... Read more

    Affected Products : agent
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0165

    The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users... Read more

    Affected Products : kingcomposer
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0164

    The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all sub... Read more

    Affected Products : coming_soon_and_maintenance_mode
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0163

    The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitrary form's data, which could include sensitive informati... Read more

    Affected Products : smart_forms
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0162

    The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to in... Read more

    Affected Products : tl-wr841n_firmware tl-wr841n
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0161

    The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : ari_fancy_lightbox
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2022-0159

    orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : orchardcore
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-0158

    vim is vulnerable to Heap-based Buffer Overflow... Read more

    Affected Products : fedora vim macos
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-0157

    phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : fedora phoronix_test_suite
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-0156

    vim is vulnerable to Use After Free... Read more

    Affected Products : fedora vim macos
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2022-0155

    follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor... Read more

    Affected Products : sinec_ins follow-redirects
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2022-0154

    An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack t... Read more

    Affected Products : gitlab
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-0153

    SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.... Read more

    Affected Products : fork_cms
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0152

    An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particu... Read more

    Affected Products : gitlab
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0151

    An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existin... Read more

    Affected Products : gitlab
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0150

    The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue... Read more

    Affected Products : wp_accessibility_helper
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0149

    The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.... Read more

    Affected Products : store_exporter_for_woocommerce
    • Published: Feb. 07, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294267 Results