Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-1433

    An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential paylo... Read more

    Affected Products : gitlab
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1432

    Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.... Read more

    Affected Products : octoprint
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-1431

    An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the Py... Read more

    Affected Products : gitlab
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1430

    Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.... Read more

    Affected Products : octoprint
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1429

    SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data... Read more

    Affected Products : pimcore
    • Published: Apr. 22, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1428

    An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package reque... Read more

    Affected Products : gitlab
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1427

    Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.... Read more

    Affected Products : mruby
    • Published: Apr. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1426

    An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some ce... Read more

    Affected Products : gitlab
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1425

    The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read mes... Read more

    Affected Products : wpqa_builder
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1424

    The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.... Read more

    Affected Products : ask_me ask_me
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1423

    Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer pri... Read more

    Affected Products : gitlab
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1422

    The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.... Read more

    Affected Products : discy wpqa_builder
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1421

    The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack... Read more

    Affected Products : discy wpqa_builder
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-1420

    Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.... Read more

    Affected Products : fedora vim macos
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1419

    The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1418

    The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored... Read more

    Affected Products : social_stickers
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1417

    Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Me... Read more

    Affected Products : gitlab
    • Published: May. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-1416

    Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker control... Read more

    Affected Products : gitlab
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1415

    A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on t... Read more

    • Published: Sep. 11, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1413

    Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the... Read more

    Affected Products : gitlab
    • Published: May. 19, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294755 Results