Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2022-0368

    Out-of-bounds Read in GitHub repository vim/vim prior to 8.2....

    Affected Products : debian_linux vim macos
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0367

    A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c....

    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0366

    An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1....

    Affected Products : capsule8
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-0365

    The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user....

    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-0364

    The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

    Affected Products : modern_events_calendar_lite
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-0363

    The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, mana...

    Affected Products : mycred
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0362

    SQL Injection in Packagist showdoc/showdoc prior to 2.10.3....

    Affected Products : showdoc
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 8.4

    HIGH
    CVE-2022-0361

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2....

    Affected Products : debian_linux vim macos
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0360

    The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escape imported comments, which could allow high privilege users to import malicious ones (either intentionally or not) and lead to Stored Cr...

    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0359

    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2....

    Affected Products : debian_linux vim macos
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0358

    A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a s...

    Affected Products : enterprise_linux qemu
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0357

    Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdef...

    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0355

    Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1. ...

    Affected Products : simple-get
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0354

    A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that ...

    Affected Products : system_update
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
  • 4.4

    MEDIUM
    CVE-2022-0353

    A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. ...

    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024
  • 8.5

    HIGH
    CVE-2022-0352

    Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16....

    Affected Products : calibre-web calibre-web
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024
  • 8.4

    HIGH
    CVE-2022-0351

    Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2....

    Affected Products : debian_linux vim macos
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0350

    Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13....

    Affected Products : vditor
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0349

    The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...

    Affected Products : notificationx
    • Published: Mar. 07, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-0348

    Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2....

    Affected Products : pimcore
    • Published: Jan. 27, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294528 Results