Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-1485

    Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1484

    Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1483

    Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1482

    Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1481

    Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome macos edge_chromium
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1479

    Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1478

    Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1477

    Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.6

    MEDIUM
    CVE-2022-1476

    The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exp... Read more

    Affected Products : all-in-one_wp_migration
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1475

    An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.... Read more

    Affected Products : ffmpeg
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1474

    The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : wp_event_manager
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-1472

    The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection... Read more

    Affected Products : better_find_and_replace
    • Published: Jun. 20, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1470

    The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : ultimate_woocommerce_csv_importer
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1469

    The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed... Read more

    Affected Products : fibosearch
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1468

    On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Softw... Read more

    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2022-1467

    Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere a... Read more

    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1466

    Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.... Read more

    Affected Products : keycloak single_sign-on
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1465

    The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue.... Read more

    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2022-1464

    Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .... Read more

    Affected Products : gogs
    • Published: May. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1463

    The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a v... Read more

    Affected Products : booking_calendar
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294701 Results