Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-1185

    A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1184

    A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.... Read more

    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1183

    On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both D... Read more

    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1182

    The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injectio... Read more

    Affected Products : visual_slide_box_builder
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2022-1181

    Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.... Read more

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2022-1180

    Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.... Read more

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1179

    Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.... Read more

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2022-1178

    Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.... Read more

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1177

    Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.... Read more

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1176

    Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2022-1175

    Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1174

    A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted inpu... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2022-1173

    stored xss in GitHub repository getgrav/grav prior to 1.7.33.... Read more

    Affected Products : grav
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2022-1172

    Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.... Read more

    Affected Products : gpac
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1171

    The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : vertical_scroll_recent_post
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1170

    In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.... Read more

    Affected Products : jobmonster
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1169

    There is a XSS vulnerability in Careerfy.... Read more

    Affected Products : careerfy
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1168

    There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1167

    There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.... Read more

    Affected Products : careerup
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1166

    The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can b... Read more

    Affected Products : jobmonster
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294503 Results