Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2022-1455

    The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...

    Affected Products : call_now_button
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-1452

    Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive in...

    Affected Products : radare2
    • Published: Apr. 24, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-1451

    Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive infor...

    Affected Products : radare2
    • Published: Apr. 24, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    CRITICAL
    CVE-2022-1445

    Stored Cross-Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user cookie...

    Affected Products : snipe-it
    • Published: Apr. 24, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1444

    Heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service...

    Affected Products : radare2
    • Published: Apr. 23, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1441

    MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed leng...

    Affected Products : gpac debian_linux
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-1440

    Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`,...

    Affected Products : git-interface
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2022-1439

    Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository microweber/microweber prior to 1.2.15. Execute Arbitrary JavaScript as the attacked user. It's the only payload I found working, you might need to press "tab" but there is probably a p...

    Affected Products : microweber cockpit
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2022-1438

    A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability...

    Affected Products : keycloak keycloak build_of_keycloak
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-1437

    Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or c...

    Affected Products : radare2
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-1436

    The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks...

    Affected Products : track_&_trace
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-1435

    The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

    Affected Products : track_&_trace
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2022-1434

    The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent f...

    • Published: May. 03, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-1433

    An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential paylo...

    Affected Products : gitlab
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1432

    Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0...

    Affected Products : octoprint
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2022-1431

    An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the Py...

    Affected Products : gitlab
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1430

    Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0...

    Affected Products : octoprint
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1429

    SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data...

    Affected Products : pimcore
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-1428

    An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package reque...

    Affected Products : gitlab
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-1427

    Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. Impact: Possible arbitrary code execution if being exploited...

    Affected Products : mruby
    • Published: Apr. 23, 2022
    • Modified: Nov. 21, 2024