Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-21701

    Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gateways.gateway.networking.k8s.io` objects can escalate th... Read more

    Affected Products : istio
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-21700

    Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content Type header leads to memory leak in DefaultArgumentConver... Read more

    Affected Products : micronaut
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-21699

    IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by n... Read more

    Affected Products : fedora debian_linux ipython
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21698

    client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of... Read more

    • Published: Feb. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-21697

    Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-serve... Read more

    Affected Products : jupyter_server_proxy
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-21696

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additi... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-21695

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being ... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-21694

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external re... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-21693

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the ... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-21692

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat ... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-21691

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming t... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2022-21690

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT f... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21689

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21688

    OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclo... Read more

    Affected Products : onionshare
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21686

    PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There ar... Read more

    Affected Products : prestashop
    • Published: Jan. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-21685

    Frontier is Substrate's Ethereum compatibility layer. Prior to commit number `8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664`, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node cras... Read more

    Affected Products : frontier
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-21684

    Discourse is an open source discussion platform. Versions prior to 2.7.13 in `stable`, 2.8.0.beta11 in `beta`, and 2.8.0.beta11 in `tests-passed` allow some users to log in to a community before they should be able to do so. A user invited via email to a ... Read more

    Affected Products : discourse
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-21683

    Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only... Read more

    Affected Products : wagtail wagtail
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2022-21682

    Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will ha... Read more

    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21681

    Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a v... Read more

    Affected Products : fedora marked
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results