Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-40309

    Users with write permissions to a repository can delete arbitrary directories.... Read more

    Affected Products : archiva
    • EPSS Score: %0.21
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-40308

    If anonymous read enabled, it's possible to read the database file directly without logging in.... Read more

    Affected Products : archiva
    • EPSS Score: %0.27
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.1

    HIGH
    CVE-2022-3763

    The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not have CSRF check in place when deleting files uploaded at the checkout... Read more

    Affected Products : booster_for_woocommerce
    • EPSS Score: %0.21
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-3762

    The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ... Read more

    Affected Products : booster_for_woocommerce
    • EPSS Score: %0.38
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 4.8

    MEDIUM
    CVE-2022-3753

    The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : evaluate
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 4.7

    MEDIUM
    CVE-2022-3750

    The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.... Read more

    Affected Products : ask_me
    • EPSS Score: %0.14
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 7.2

    HIGH
    CVE-2022-3720

    The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users... Read more

    Affected Products : event_monster
    • EPSS Score: %0.38
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-3691

    The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information (including the DeepL API key) in files that are publicly accessible to an external, unauthenticated visitor.... Read more

    Affected Products : deepl_pro_api_translation
    • EPSS Score: %0.52
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 4.8

    MEDIUM
    CVE-2022-3631

    The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil... Read more

    Affected Products : oauth_client
    • EPSS Score: %0.11
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-3578

    The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : profilegrid
    • EPSS Score: %8.80
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 9.8

    CRITICAL
    CVE-2022-3574

    The WPForms Pro WordPress plugin before 1.7.7 does not validate its form data when generating the exported CSV, which could lead to CSV injection.... Read more

    Affected Products : wpforms_pro
    • EPSS Score: %1.69
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 4.8

    MEDIUM
    CVE-2022-3539

    The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html ca... Read more

    Affected Products : testimonials testimonials_pro
    • EPSS Score: %0.12
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.5

    MEDIUM
    CVE-2022-3538

    The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins... Read more

    Affected Products : webmaster_tools_verification
    • EPSS Score: %0.20
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 6.1

    MEDIUM
    CVE-2022-3484

    The WPB Show Core WordPress plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : wpb_show_core
    • EPSS Score: %11.49
    • Published: Nov. 14, 2022
    • Modified: Apr. 30, 2025

  • 7.5

    HIGH
    CVE-2022-38666

    Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.... Read more

    • EPSS Score: %0.03
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.8

    HIGH
    CVE-2022-38148

    Silverstripe silverstripe/framework through 4.11 allows SQL Injection.... Read more

    Affected Products : framework
    • EPSS Score: %0.22
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 5.4

    MEDIUM
    CVE-2022-38146

    Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).... Read more

    Affected Products : framework admin
    • EPSS Score: %0.32
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 6.8

    MEDIUM
    CVE-2022-35897

    An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execu... Read more

    Affected Products : kernel
    • EPSS Score: %0.12
    • Published: Nov. 21, 2022
    • Modified: Apr. 30, 2025

  • 8.2

    HIGH
    CVE-2022-30772

    Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the ad... Read more

    Affected Products : kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 8.2

    HIGH
    CVE-2022-30771

    Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineer... Read more

    Affected Products : kernel
    • EPSS Score: %0.05
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025
Showing 20 of 291193 Results