Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2022-1211

    A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-in... Read more

    Affected Products : furnace
    • Published: Apr. 03, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1210

    A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interact... Read more

    • Published: Apr. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1209

    The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up t... Read more

    Affected Products : ultimate_member
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2022-1208

    The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web sc... Read more

    Affected Products : ultimate_member
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 6.6

    MEDIUM
    CVE-2022-1207

    Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.... Read more

    Affected Products : radare2
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2022-1205

    A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1204

    A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.... Read more

    Affected Products : linux_kernel fedora debian_linux
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1203

    The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as su... Read more

    Affected Products : content_mask
    • Published: May. 30, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1202

    The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.... Read more

    Affected Products : wp-crm
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-1201

    NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.... Read more

    Affected Products : mruby
    • Published: Apr. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1198

    A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1195

    A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1194

    The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.... Read more

    Affected Products : mobile_events_manager
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1193

    Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances... Read more

    Affected Products : gitlab
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1192

    The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : turn_off_all_comments
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2022-1191

    SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.... Read more

    Affected Products : live_helper_chat
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024

  • 8.7

    HIGH
    CVE-2022-1190

    Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1189

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approv... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1188

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring f... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1186

    The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5.... Read more

    Affected Products : be_popia_compliant
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294533 Results