Latest CVE Feed
-
6.1
MEDIUM CVE-2022-1567
The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0....
Affected Products : wp-js
- EPSS Score: 0.25%
- Published: May. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICAL CVE-2022-1505
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthentica...
Affected Products : rsvpmaker
- EPSS Score: 3.43%
- Published: May. 10, 2022
- Modified: May. 05, 2025
-
7.5
HIGH CVE-2022-1473
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes...
Affected Products : active_iq_unified_manager a700s_firmware solidfire_\&_hci_management_node snapmanager openssl h300s_firmware h500s_firmware h700s_firmware h410s_firmware clustered_data_ontap +33 more products
- EPSS Score: 0.23%
- Published: May. 03, 2022
- Modified: May. 05, 2025
-
9.8
CRITICAL CVE-2022-1453
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attac...
Affected Products : rsvpmaker
- EPSS Score: 6.42%
- Published: May. 10, 2022
- Modified: May. 05, 2025
-
7.5
HIGH CVE-2022-1442
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-pa...
Affected Products : metform_elementor_contact_form_builder
- EPSS Score: 85.20%
- Published: May. 10, 2022
- Modified: May. 05, 2025
-
5.3
MEDIUM CVE-2022-1343
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response...
Affected Products : active_iq_unified_manager a700s_firmware solidfire_\&_hci_management_node snapmanager openssl h300s_firmware h500s_firmware h700s_firmware h410s_firmware clustered_data_ontap +33 more products
- EPSS Score: 0.12%
- Published: May. 03, 2022
- Modified: May. 05, 2025
-
6.1
MEDIUM CVE-2022-1187
The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21....
Affected Products : wp_youtube_live
- EPSS Score: 3.23%
- Published: Apr. 19, 2022
- Modified: May. 05, 2025
-
4.8
MEDIUM CVE-2022-1094
The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Affected Products : amr_users
- EPSS Score: 0.19%
- Published: Apr. 25, 2022
- Modified: May. 05, 2025
-
9.8
CRITICAL CVE-2022-0992
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized...
- EPSS Score: 4.37%
- Published: Apr. 19, 2022
- Modified: May. 05, 2025
-
6.4
MEDIUM CVE-2022-0750
The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-mason...
Affected Products : photoswipe_masonry_gallery
- EPSS Score: 0.19%
- Published: Mar. 23, 2022
- Modified: May. 05, 2025
-
2.4
LOW CVE-2022-0005
Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access....
- EPSS Score: 0.04%
- Published: May. 12, 2022
- Modified: May. 05, 2025
-
7.2
HIGH CVE-2022-0004
Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access....
- EPSS Score: 0.12%
- Published: May. 12, 2022
- Modified: May. 05, 2025
-
6.5
MEDIUM CVE-2022-0002
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access....
- EPSS Score: 0.70%
- Published: Mar. 11, 2022
- Modified: May. 05, 2025
-
6.5
MEDIUM CVE-2022-0001
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access....
- EPSS Score: 0.43%
- Published: Mar. 11, 2022
- Modified: May. 05, 2025
-
7.5
HIGH CVE-2021-46828
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections....
- EPSS Score: 0.37%
- Published: Jul. 20, 2022
- Modified: May. 05, 2025
-
8.1
HIGH CVE-2021-46143
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize....
- EPSS Score: 4.08%
- Published: Jan. 06, 2022
- Modified: May. 05, 2025
-
9.0
HIGH CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory)....
- EPSS Score: 0.37%
- Published: Jan. 01, 2022
- Modified: May. 05, 2025
-
6.5
MEDIUM CVE-2021-44545
Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access....
Affected Products : wi-fi_6_ax201_firmware wi-fi_6_ax200_firmware killer_ac_1550_firmware killer_wi-fi_6_ax1650_firmware killer_wi-fi_6e_ax1675_firmware proset_wi-fi_6e_ax210_firmware killer_wi-fi_6e_ax1690_firmware wi-fi_6e_ax411_firmware wi-fi_6e_ax211_firmware killer_wi-fi_6e_ax1675 +8 more products
- EPSS Score: 0.12%
- Published: Aug. 18, 2022
- Modified: May. 05, 2025
-
5.5
MEDIUM CVE-2021-44470
Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access....
Affected Products : connect_m
- EPSS Score: 0.04%
- Published: Aug. 18, 2022
- Modified: May. 05, 2025
-
7.8
HIGH CVE-2021-44454
Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access....
Affected Products : quartus_prime
- EPSS Score: 0.06%
- Published: Feb. 09, 2022
- Modified: May. 05, 2025