Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-32889

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : iphone_os watchos
    • EPSS Score: %0.12
    • Published: Nov. 01, 2022
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-32477

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of ... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Feb. 15, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-32475

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of pri... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Feb. 15, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-32471

    An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked ... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Feb. 15, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-32470

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of priv... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Feb. 15, 2023
    • Modified: May. 05, 2025

  • 7.0

    HIGH
    CVE-2022-32469

    An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. Thi... Read more

    Affected Products : insydeh2o
    • EPSS Score: %0.05
    • Published: Feb. 15, 2023
    • Modified: May. 05, 2025

  • 5.9

    MEDIUM
    CVE-2022-32208

    When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.... Read more

    • EPSS Score: %0.19
    • Published: Jul. 07, 2022
    • Modified: May. 05, 2025

  • 6.5

    MEDIUM
    CVE-2022-32206

    curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing ... Read more

    • EPSS Score: %2.54
    • Published: Jul. 07, 2022
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2022-32205

    A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cook... Read more

    • EPSS Score: %1.64
    • Published: Jul. 07, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-30944

    Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.... Read more

    • EPSS Score: %0.08
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025

  • 9.8

    CRITICAL
    CVE-2022-30601

    Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.... Read more

    • EPSS Score: %1.46
    • Published: Aug. 18, 2022
    • Modified: May. 05, 2025

  • 4.9

    MEDIUM
    CVE-2022-2943

    The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for... Read more

    Affected Products : ajax_load_more
    • EPSS Score: %0.49
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-2941

    The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor e... Read more

    Affected Products : wp-useronline
    • EPSS Score: %3.28
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-2542

    The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that ... Read more

    Affected Products : ucontext_for_clickbank
    • EPSS Score: %0.22
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-2541

    The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the ~/app/sites/ajax/actions/keyword_save.php file that is ... Read more

    Affected Products : ucontext_for_amazon
    • EPSS Score: %0.22
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-2518

    The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for ... Read more

    Affected Products : stockists_manager_for_woocommerce
    • EPSS Score: %0.20
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025

  • 6.4

    MEDIUM
    CVE-2022-2515

    The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : simple_banner
    • EPSS Score: %0.18
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025

  • 5.5

    MEDIUM
    CVE-2022-2473

    The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possib... Read more

    Affected Products : wp-useronline
    • EPSS Score: %0.36
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025

  • 5.3

    MEDIUM
    CVE-2022-2461

    The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action... Read more

    Affected Products : transposh_wordpress_translation
    • EPSS Score: %0.51
    • Published: Sep. 06, 2022
    • Modified: May. 05, 2025

  • 8.8

    HIGH
    CVE-2022-2444

    The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers wit... Read more

    Affected Products : visualizer
    • EPSS Score: %2.96
    • Published: Jul. 18, 2022
    • Modified: May. 05, 2025
Showing 20 of 291222 Results