Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2022-0993

    The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon suc... Read more

    Affected Products : siteground_security
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2022-0991

    Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.... Read more

    Affected Products : admidio
    • Published: Mar. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-0990

    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.... Read more

    Affected Products : calibre-web calibre-web
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0989

    An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable do... Read more

    Affected Products : ns_watermark_for_woocommerce
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0988

    Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.... Read more

    Affected Products : diaenergie
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2022-0987

    A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.... Read more

    Affected Products : enterprise_linux packagekit
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0986

    Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.... Read more

    Affected Products : control_panel
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0985

    Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.... Read more

    Affected Products : moodle
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0984

    Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.... Read more

    Affected Products : moodle enterprise_linux fedora
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0983

    An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.... Read more

    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0982

    The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client,... Read more

    Affected Products : accel-ppp
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0981

    A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges th... Read more

    Affected Products : quarkus
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0980

    Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0979

    Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0978

    Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 22, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-0977

    Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0976

    Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0975

    Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0974

    Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-0973

    Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294510 Results