Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2022-42445

    HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credential previously saved for performing authenticated LDAP searches. ... Read more

    Affected Products : hcl_launch
    • Published: Dec. 12, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-3865

    The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin... Read more

    Affected Products : wp_user_merger
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-3850

    The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack... Read more

    Affected Products : find_and_replace_all
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-3831

    The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : recaptcha
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-3823

    The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili... Read more

    Affected Products : beautiful_cookie_consent_banner
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 8.8

    HIGH
    CVE-2022-3769

    The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor... Read more

    Affected Products : owm_weather
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2022-3751

    SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.... Read more

    Affected Products : owncast
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 7.2

    HIGH
    CVE-2022-3689

    The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users... Read more

    Affected Products : html_forms
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2022-36433

    The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.... Read more

    Affected Products : amasty_blog_pro
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-36137

    ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.... Read more

    Affected Products : churchcrm
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 4.8

    MEDIUM
    CVE-2022-36136

    ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.... Read more

    Affected Products : churchcrm
    • Published: Nov. 29, 2022
    • Modified: Apr. 25, 2025

  • 7.5

    HIGH
    CVE-2022-23746

    The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.... Read more

    Affected Products : ssl_network_extender
    • Published: Nov. 30, 2022
    • Modified: Apr. 25, 2025

  • 6.3

    MEDIUM
    CVE-2022-22984

    The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin befo... Read more

    • Published: Nov. 30, 2022
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2021-31740

    SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS).... Read more

    Affected Products : seppmail
    • Published: Nov. 30, 2022
    • Modified: Apr. 25, 2025

  • 5.4

    MEDIUM
    CVE-2021-25059

    The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of th... Read more

    Affected Products : download_plugin
    • Published: Nov. 28, 2022
    • Modified: Apr. 25, 2025

  • 6.1

    MEDIUM
    CVE-2020-21219

    Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package.... Read more

    Affected Products : pfsense acme
    • Published: Dec. 15, 2022
    • Modified: Apr. 25, 2025

  • 7.8

    HIGH
    CVE-2024-0406

    A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files ... Read more

    • Published: Apr. 06, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-3204

    A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Affected by this vulnerability is the function ndlz4_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c. The manipulation leads to heap-based buffer overfl... Read more

    Affected Products : c-blosc2 c-blosc2
    • Published: Apr. 02, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-3203

    A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. It is possible ... Read more

    Affected Products : c-blosc2
    • Published: Apr. 02, 2024
    • Modified: Apr. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-3207

    A vulnerability was found in ermig1979 Simd up to 6.0.134. It has been declared as critical. This vulnerability affects the function ReadUnsigned of the file src/Simd/SimdMemoryStream.h. The manipulation leads to heap-based buffer overflow. The exploit ha... Read more

    Affected Products : simd
    • Published: Apr. 02, 2024
    • Modified: Apr. 25, 2025
Showing 20 of 293521 Results