Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-1158

    A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to wr... Read more

    Affected Products : linux_kernel enterprise_linux fedora
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-1157

    Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged... Read more

    Affected Products : gitlab
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1156

    The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : books_\&_papers
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2022-1155

    Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.... Read more

    Affected Products : snipe-it
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1154

    Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.... Read more

    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1152

    The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : menubar
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1148

    Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab ... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1146

    Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1145

    Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1144

    Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.... Read more

    Affected Products : chrome
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1143

    Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1142

    Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.... Read more

    Affected Products : chrome
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1141

    Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture.... Read more

    Affected Products : chrome
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1139

    Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1138

    Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1137

    Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1136

    Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1135

    Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1134

    Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1133

    Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 23, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294516 Results