Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2022-2461

    The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action...

    Affected Products : transposh_wordpress_translation
    • EPSS Score: %0.51
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-2444

    The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers wit...

    Affected Products : visualizer
    • EPSS Score: %2.96
    • Published: Jul. 18, 2022
    • Modified: May. 05, 2025
  • 7.2

    HIGH
    CVE-2022-2438

    The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and abov...

    Affected Products : broken_link_checker
    • EPSS Score: %0.45
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-2437

    The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers t...

    Affected Products : feed_them_social
    • EPSS Score: %9.13
    • Published: Jul. 18, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-2436

    The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and...

    • EPSS Score: %0.36
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-2435

    The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure() function found in the ~/anymind-widget-id.php file. This makes it...

    Affected Products : anymind_widget
    • EPSS Score: %0.44
    • Published: Jul. 18, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-2434

    The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper...

    Affected Products : string_locator
    • EPSS Score: %0.88
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-2233

    The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes i...

    Affected Products : banner_cycler
    • EPSS Score: %0.29
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025
  • 5.4

    MEDIUM
    CVE-2022-2223

    The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This makes it possible for unauthent...

    Affected Products : image_slider
    • EPSS Score: %0.21
    • Published: Jul. 18, 2022
    • Modified: May. 05, 2025
  • 6.5

    MEDIUM
    CVE-2022-2108

    The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up...

    Affected Products : buddypress_group_reviews
    • EPSS Score: %0.69
    • Published: Jul. 18, 2022
    • Modified: May. 05, 2025
  • 10.0

    HIGH
    CVE-2022-2068

    In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292...

    • EPSS Score: %51.85
    • Published: Jun. 21, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-2001

    The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page() function found in the ~/dx-share-selection.php file. This makes ...

    Affected Products : dx_share_selection
    • EPSS Score: %0.32
    • Published: Jul. 18, 2022
    • Modified: May. 05, 2025
  • 5.9

    MEDIUM
    CVE-2022-29593

    relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request....

    Affected Products : dt-r004_firmware dt-r004
    • EPSS Score: %6.39
    • Published: Jul. 14, 2022
    • Modified: May. 05, 2025
  • 4.4

    MEDIUM
    CVE-2022-28709

    Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access....

    • EPSS Score: %0.05
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025
  • 6.8

    MEDIUM
    CVE-2022-28697

    Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access....

    • EPSS Score: %0.31
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025
  • 7.8

    HIGH
    CVE-2022-28696

    Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access....

    Affected Products : distribution_for_python
    • EPSS Score: %0.07
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-28388

    usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free....

    • EPSS Score: %0.01
    • Published: Apr. 03, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-28356

    In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c....

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.02
    • Published: Apr. 02, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-27500

    Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access....

    Affected Products : support
    • EPSS Score: %0.04
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-26373

    Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access....

    • EPSS Score: %0.28
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025
Showing 20 of 291219 Results