Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2022-3394

    The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the...

    Affected Products : wp_all_export
    • EPSS Score: 0.52%
    • Published: Oct. 25, 2022
    • Modified: May 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-3393

    The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...

    Affected Products : post_to_csv
    • EPSS Score: 3.66%
    • Published: Oct. 25, 2022
    • Modified: May 07, 2025
  • 4.8

    MEDIUM
    CVE-2022-3392

    The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...

    Affected Products : wp_humans.txt
    • EPSS Score: 0.71%
    • Published: Oct. 25, 2022
    • Modified: May 07, 2025
  • 8.8

    HIGH
    CVE-2022-38060

    A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges....

    Affected Products : openstack kolla
    • EPSS Score: 0.02%
    • Published: Dec. 21, 2022
    • Modified: May 07, 2025
  • 6.5

    MEDIUM
    CVE-2022-33757

    An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to...

    Affected Products : nessus
    • EPSS Score: 0.22%
    • Published: Oct. 25, 2022
    • Modified: May 07, 2025
  • 7.8

    HIGH
    CVE-2022-33184

    A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code ...

    Affected Products : fabric_operating_system
    • EPSS Score: 0.03%
    • Published: Oct. 25, 2022
    • Modified: May 07, 2025
  • 8.8

    HIGH
    CVE-2022-33183

    A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands....

    Affected Products : fabric_operating_system
    • EPSS Score: 0.87%
    • Published: Oct. 25, 2022
    • Modified: May 07, 2025
  • 7.8

    HIGH
    CVE-2022-33182

    A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “po...

    Affected Products : fabric_operating_system
    • EPSS Score: 0.03%
    • Published: Oct. 25, 2022
    • Modified: May 07, 2025
  • 5.5

    MEDIUM
    CVE-2022-33181

    An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”....

    Affected Products : fabric_operating_system
    • EPSS Score: 0.06%
    • Published: Oct. 25, 2022
    • Modified: May 07, 2025
  • 5.3

    MEDIUM
    CVE-2022-2508

    In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging....

    Affected Products : octopus_server
    • EPSS Score: 0.29%
    • Published: Oct. 27, 2022
    • Modified: May 07, 2025
  • 6.1

    MEDIUM
    CVE-2022-2190

    The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

    Affected Products : envira_gallery
    • EPSS Score: 0.18%
    • Published: Oct. 31, 2022
    • Modified: May 07, 2025
  • 6.1

    MEDIUM
    CVE-2022-2167

    The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

    Affected Products : newspaper
    • EPSS Score: 0.25%
    • Published: Oct. 31, 2022
    • Modified: May 07, 2025
  • 9.8

    CRITICAL
    CVE-2022-29851

    documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document....

    Affected Products : ox_app_suite
    • EPSS Score: 0.38%
    • Published: Oct. 25, 2022
    • Modified: May 07, 2025
  • 9.1

    CRITICAL
    CVE-2022-27583

    A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact....

    • EPSS Score: 0.13%
    • Published: Oct. 31, 2022
    • Modified: May 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-42777

    Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.D...

    Affected Products : reports
    • EPSS Score: 0.14%
    • Published: Oct. 29, 2022
    • Modified: May 07, 2025
  • 7.5

    HIGH
    CVE-2021-40661

    A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10')...

    Affected Products : ind780_firmware ind780
    • EPSS Score: 88.45%
    • Published: Oct. 31, 2022
    • Modified: May 07, 2025
  • 9.8

    CRITICAL
    CVE-2021-40241

    xfig 3.2.7 is vulnerable to Buffer Overflow....

    Affected Products : xfig
    • EPSS Score: 0.08%
    • Published: Oct. 31, 2022
    • Modified: May 07, 2025
  • 6.1

    MEDIUM
    CVE-2021-38728

    SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php....

    Affected Products : semcms
    • EPSS Score: 0.55%
    • Published: Oct. 28, 2022
    • Modified: May 07, 2025
  • 9.8

    CRITICAL
    CVE-2020-21016

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php....

    Affected Products : dir-846_firmware dir-846
    • EPSS Score: 3.98%
    • Published: Oct. 31, 2022
    • Modified: May 07, 2025
  • 8.8

    HIGH
    CVE-2024-52553

    Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login....

    • Published: Nov. 13, 2024
    • Modified: May 07, 2025