Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-3883

    The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and ... Read more

    Affected Products : stopbadbots
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 6.5

    MEDIUM
    CVE-2022-3882

    The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and a... Read more

    Affected Products : wp-memory
    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-3359

    The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain... Read more

    • Published: Dec. 12, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-3104

    An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 6.1

    MEDIUM
    CVE-2022-38628

    Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attacke... Read more

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-38488

    logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter.... Read more

    Affected Products : logrocket-oauth2-example
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-37155

    RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter.... Read more

    Affected Products : spip
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-33239

    Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdra... Read more

    • Published: Nov. 15, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-33237

    Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapd... Read more

    • Published: Nov. 15, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-33236

    Transient DOS due to buffer over-read in WLAN firmware while parsing cipher suite info attributes. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking... Read more

    • Published: Nov. 15, 2022
    • Modified: Apr. 22, 2025

  • 8.2

    HIGH
    CVE-2022-33235

    Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdra... Read more

    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-33234

    Memory corruption in video due to configuration weakness. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables... Read more

    • Published: Nov. 15, 2022
    • Modified: Apr. 22, 2025

  • 7.5

    HIGH
    CVE-2022-31703

    The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.... Read more

    Affected Products : vrealize_log_insight
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 9.8

    CRITICAL
    CVE-2022-31702

    vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication.... Read more

    Affected Products : vrealize_network_insight
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 5.3

    MEDIUM
    CVE-2022-31701

    VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.... Read more

    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 7.2

    HIGH
    CVE-2022-31700

    VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2.... Read more

    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025

  • 3.3

    LOW
    CVE-2022-31699

    VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.... Read more

    Affected Products : esxi cloud_foundation
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 5.5

    MEDIUM
    CVE-2022-31697

    The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can ... Read more

    Affected Products : vcenter_server cloud_foundation
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 8.8

    HIGH
    CVE-2022-31696

    VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.... Read more

    Affected Products : esxi cloud_foundation
    • Published: Dec. 13, 2022
    • Modified: Apr. 22, 2025

  • 9.0

    CRITICAL
    CVE-2022-31358

    A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.... Read more

    Affected Products : virtual_environment
    • Published: Dec. 14, 2022
    • Modified: Apr. 22, 2025
Showing 20 of 294522 Results