Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-43996

    The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently... Read more

    Affected Products : csaf_provider
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-42811

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to access user-sensitive data.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-42810

    The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.... Read more

    Affected Products : macos iphone_os tvos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-42809

    The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution.... Read more

    Affected Products : macos
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-42808

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. A remote user may be able to cause kernel code execution.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025

  • 7.0

    HIGH
    CVE-2022-42806

    A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025

  • 7.0

    HIGH
    CVE-2022-42803

    A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel pr... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-42801

    A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privil... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025

  • 7.8

    HIGH
    CVE-2022-42800

    This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination ... Read more

    Affected Products : macos iphone_os watchos ipados
    • Published: Nov. 01, 2022
    • Modified: Apr. 22, 2025

  • 8.1

    HIGH
    CVE-2022-3999

    The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable.... Read more

    Affected Products : woocommerce_shipping
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-3989

    The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types (such as .php) in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to laun... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-3982

    The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE... Read more

    Affected Products : booking_calendar
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-3981

    The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-3935

    The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-3934

    The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : flat_pm
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.4

    MEDIUM
    CVE-2022-3933

    The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-3925

    The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users... Read more

    Affected Products : buddybadges
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-3921

    The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE... Read more

    Affected Products : listingo
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 4.8

    MEDIUM
    CVE-2022-3919

    The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : jetpack_crm
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-3915

    The Dokan WordPress plugin before 3.7.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users... Read more

    Affected Products : dokan
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 293562 Results