Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.8

    MEDIUM
    CVE-2022-1991

    A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo "><img src="" onerror="alert(document.cookie)"> ...

    Affected Products : fast_food_ordering_system
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-1990

    The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed...

    Affected Products : nested_pages
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2022-1989

    All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users....

    Affected Products : visualization
    • Published: Aug. 23, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-1988

    Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09....

    Affected Products : facturascripts
    • Published: Jun. 03, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2022-1987

    Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11....

    Affected Products : libmobi
    • Published: Jun. 03, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2022-1986

    OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9....

    Affected Products : gogs
    • Published: Jun. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1984

    This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload....

    Affected Products : workforce_access
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-1983

    Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to acc...

    Affected Products : gitlab
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-1982

    Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post....

    Affected Products : mattermost_server
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 3.5

    LOW
    CVE-2022-1981

    An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that...

    Affected Products : gitlab
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-1980

    A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)</script>...

    Affected Products : product_show_room_site
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-1979

    A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)</script> leads to cross site scripti...

    Affected Products : product_show_room_site
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2022-1977

    The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind ...

    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1976

    A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption a...

    Affected Products : linux_kernel
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-1975

    There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space....

    Affected Products : linux_kernel
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024
  • 4.1

    MEDIUM
    CVE-2022-1974

    A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information....

    Affected Products : linux_kernel
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-1973

    A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem....

    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-1971

    The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is dis...

    Affected Products : nextcellent_gallery
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1968

    Use After Free in GitHub repository vim/vim prior to 8.2....

    Affected Products : debian_linux vim macos
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-1967

    The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the ...

    Affected Products : wp-championship
    • Published: Jul. 04, 2022
    • Modified: Nov. 21, 2024