Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • CVE-2022-21668 (CVSS 9.3, HIGH)
    pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requir...
    Affected products: fedora, pipenv
    Published: Jan. 10, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21667 (CVSS 7.5, HIGH)
    soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with ...
    Affected products: soketi
    Published: Jan. 10, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21666 (CVSS 7.2, HIGH)
    Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed SQL injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/usered...
    Affected products: useful_simple_open-source_cms
    Published: Jan. 10, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21664 (CVSS 8.8, HIGH)
    WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched i...
    Affected products: fedora, debian_linux, wordpress
    Published: Jan. 06, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21663 (CVSS 7.2, HIGH)
    WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This h...
    Affected products: fedora, debian_linux, wordpress
    Published: Jan. 06, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21662 (CVSS 8.0, HIGH)
    WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attacks, which can affect ...
    Affected products: debian_linux, wordpress
    Published: Jan. 06, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21660 (CVSS 8.1, HIGH)
    Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7, low-privilege users are able to modify higher-privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as ...
    Affected products: gin-vue-admin
    Published: Feb. 09, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21658 (CVSS 7.3, HIGH)
    Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable to a race c...
    Affected products: fedora, macos, iphone_os, tvos, watchos, ipados, rust
    Published: Jan. 20, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21657 (CVSS 6.8, MEDIUM)
    Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that ...
    Affected products: envoy
    Published: Feb. 22, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21656 (CVSS 7.4, HIGH)
    Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This ...
    Affected products: envoy
    Published: Feb. 22, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21655 (CVSS 7.5, HIGH)
    Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of serv...
    Affected products: envoy
    Published: Feb. 22, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21654 (CVSS 9.8, CRITICAL)
    Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's TLS allows session re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that defaul...
    Affected products: envoy
    Published: Feb. 22, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21653 (CVSS 7.5, HIGH)
    Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most appl...
    Affected products: jawn
    Published: Jan. 05, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21652 (CVSS 8.1, HIGH)
    Shopware is an open source e-commerce software platform. In affected versions Shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the lat...
    Affected products: shopware
    Published: Jan. 05, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21651 (CVSS 6.8, MEDIUM)
    Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the Shopware router. This issue has been resolved in version 5.7.7. There is n...
    Affected products: shopware
    Published: Jan. 05, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21650 (CVSS 7.6, HIGH)
    Convos is an open source multi-user chat that runs in a web browser. You can't use the SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an .html extension the upload filter can be bypassed. ...
    Affected products: convos
    Published: Jan. 04, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21649 (CVSS 7.6, HIGH)
    Convos is an open source multi-user chat that runs in a web browser. Strings starting with "https://" in the chat window create an <a> tag. A stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping ...
    Affected products: convos
    Published: Jan. 04, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21648 (CVSS 8.2, HIGH)
    Latte is an open source template engine for PHP. Since version 2.8.0 Latte has included a template sandbox, and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead t...
    Affected products: latte
    Published: Jan. 04, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21647 (CVSS 9.8, CRITICAL)
    CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute exis...
    Affected products: codeigniter
    Published: Jan. 04, 2022 | Modified: Nov. 21, 2024

  • CVE-2022-21646 (CVSS 8.1, HIGH)
    SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` ret...
    Affected products: spicedb
    Published: Jan. 11, 2022 | Modified: Nov. 21, 2024