Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2022-21656

    Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This ... Read more

    Affected Products : envoy
    • Published: Feb. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21655

    Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of serv... Read more

    Affected Products : envoy
    • Published: Feb. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21654

    Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that defaul... Read more

    Affected Products : envoy
    • Published: Feb. 22, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-21653

    Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most appl... Read more

    Affected Products : jawn
    • Published: Jan. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-21652

    Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the lat... Read more

    Affected Products : shopware
    • Published: Jan. 05, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-21651

    Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is n... Read more

    Affected Products : shopware
    • Published: Jan. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2022-21650

    Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. ... Read more

    Affected Products : convos
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2022-21649

    Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping ... Read more

    Affected Products : convos
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2022-21648

    Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead t... Read more

    Affected Products : latte
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-21647

    CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute exis... Read more

    Affected Products : codeigniter
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-21646

    SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an `exclusion` or within an `intersection` operation will see `Lookup`/`LookupResources` ret... Read more

    Affected Products : spicedb
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2022-21644

    USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permi... Read more

    Affected Products : useful_simple_open-source_cms
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-21643

    USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct... Read more

    Affected Products : useful_simple_open-source_cms
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-21642

    Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.... Read more

    Affected Products : discourse
    • Published: Jan. 05, 2022
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2022-21641

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2022-21640

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-21639

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search Integration). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with netw... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2022-21638

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2022-21637

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compro... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-21636

    Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network ac... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results