Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2022-0822

    Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0....

    Affected Products : orchardcore
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2022-0821

    Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0....

    Affected Products : orchardcore
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0820

    Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0....

    Affected Products : orchardcore
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0819

    Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1....

    Affected Products : dolibarr_erp/crm
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0818

    The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloa...

    Affected Products : woocommerce_affiliate
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0817

    The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...

    Affected Products : badgeos badgos
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0815

    Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected b...

    Affected Products : webadvisor
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0814

    The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Inje...

    Affected Products : ubigeo_de_peru_para_woocommerce
    • Published: May. 09, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0813

    PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section....

    Affected Products : phpmyadmin
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-0812

    An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information....

    Affected Products : linux_kernel
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2022-0811

    A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluste...

    Affected Products : cri-o
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0809

    Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0808

    Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions....

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0807

    Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page....

    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0806

    Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page....

    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0805

    Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction....

    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0804

    Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page....

    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0803

    Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page....

    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0802

    Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page....

    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0801

    Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)...

    Affected Products : chrome edge_chromium
    • Published: Jan. 02, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294337 Results