Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-3030

    An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.... Read more

    Affected Products : gitlab
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.3

    MEDIUM
    CVE-2011-1471

    Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.... Read more

    Affected Products : php
    • Published: Mar. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-3435

    A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate t... Read more

    Affected Products : linux_kernel fedora debian_linux
    • Published: Oct. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-41921

    Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9... Read more

    Affected Products : discourse
    • Published: Nov. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-42129

    An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the ... Read more

    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2016-0495

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core.... Read more

    Affected Products : debian_linux vm_virtualbox
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-4245

    A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML inject... Read more

    • Published: Sep. 25, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34311

    IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.... Read more

    Affected Products : cics_tx
    • Published: Feb. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34307

    IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent ... Read more

    Affected Products : cics_tx
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-4335

    A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.... Read more

    Affected Products : gitlab
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2022-3443

    Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome
    • Published: Nov. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-46705

    A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.... Read more

    Affected Products : macos iphone_os tvos watchos safari ipados
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1639

    Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability."... Read more

    Affected Products : office
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-41944

    Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.beta.13, under certain conditions, a user can see notifications for topics they no longer have access to. If there is sens... Read more

    Affected Products : discourse
    • Published: Nov. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-46685

    In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.... Read more

    Affected Products : gitea
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2022-36995

    An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily cr... Read more

    • Published: Jul. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-1290

    ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.... Read more

    Affected Products : fedora viewvc linux
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-2983

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthen... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1221

    Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severi... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-3070

    Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes.... Read more

    Affected Products : nusoap
    • Published: Sep. 28, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293360 Results