Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-0972

    Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.... Read more

    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0971

    Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.... Read more

    • Published: Jul. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0970

    Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.... Read more

    Affected Products : grav
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0969

    The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks... Read more

    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-0968

    The microweber application allows large characters to insert in the input field "fist & last name" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber in GitHub repository microweber/microweber... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2022-0967

    Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.... Read more

    Affected Products : showdoc
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2022-0966

    Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.... Read more

    Affected Products : showdoc
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-0965

    Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.... Read more

    Affected Products : showdoc
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2022-0964

    Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.... Read more

    Affected Products : showdoc
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-0963

    Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-0962

    Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.... Read more

    Affected Products : showdoc
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0961

    The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in GitHub repository microweber/microweber prior to 1.2.12.... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    CRITICAL
    CVE-2022-0960

    Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.... Read more

    Affected Products : showdoc
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-0958

    The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : mark_posts
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 7.6

    HIGH
    CVE-2022-0957

    Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.... Read more

    Affected Products : showdoc
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0956

    Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.... Read more

    Affected Products : showdoc
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0955

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.... Read more

    Affected Products : pimcore data-hub
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2022-0954

    Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0953

    The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode charac... Read more

    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0952

    The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers cou... Read more

    Affected Products : sitemap
    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294510 Results