Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-1997

    Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.... Read more

    Affected Products : rosariosis
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-1996

    Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.... Read more

    Affected Products : fedora go-restful
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1995

    The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html i... Read more

    Affected Products : malware_scanner
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1994

    The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallow... Read more

    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-1993

    Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.... Read more

    Affected Products : gogs
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-1992

    Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.... Read more

    Affected Products : gogs windows
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1991

    A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo "><img src="" onerror="alert(document.cookie)"> ... Read more

    Affected Products : fast_food_ordering_system
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1990

    The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed... Read more

    Affected Products : nested_pages
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1989

    All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.... Read more

    Affected Products : visualization
    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1988

    Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09.... Read more

    Affected Products : facturascripts
    • Published: Jun. 03, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-1987

    Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.... Read more

    Affected Products : libmobi
    • Published: Jun. 03, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-1986

    OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.... Read more

    Affected Products : gogs
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1984

    This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload.... Read more

    Affected Products : workforce_access
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1983

    Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to acc... Read more

    Affected Products : gitlab
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1982

    Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-1981

    An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that... Read more

    Affected Products : gitlab
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1980

    A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)</script>... Read more

    Affected Products : product_show_room_site
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1979

    A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)</script> leads to cross site scripti... Read more

    Affected Products : product_show_room_site
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-1977

    The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind ... Read more

    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1976

    A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption a... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294690 Results