Latest CVE Feed

The following is a list of the latest published vulnerabilities.
  • 5.5

    MEDIUM
    CVE-2022-1195

    A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DoS) when the mkiss or sixpack device is detached and reclaims resources early....

    Affected Products : linux_kernel debian_linux
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1194

    The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability....

    Affected Products : mobile_events_manager
    • Published: Sep. 16, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-1193

    Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances...

    Affected Products : gitlab
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-1192

    The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

    Affected Products : turn_off_all_comments
    • Published: May 23, 2022
    • Modified: Nov. 21, 2024
  • 8.7

    HIGH
    CVE-2022-1191

    SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96....

    Affected Products : live_helper_chat
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024
  • 8.7

    HIGH
    CVE-2022-1190

    Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc....

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2022-1189

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the approv...

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2022-1188

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring f...

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2022-1186

    The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors' emails and usernames via an API route, in versions up to and including 1.1.5....

    Affected Products : be_popia_compliant
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-1185

    A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file...

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2022-1184

    A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service....

    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1183

    On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both D...

    • Published: May 19, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-1182

    The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injectio...

    Affected Products : visual_slide_box_builder
    • Published: May 16, 2022
    • Modified: Nov. 21, 2024
  • 8.0

    HIGH
    CVE-2022-1181

    Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2....

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024
  • 4.6

    MEDIUM
    CVE-2022-1180

    Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4....

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2022-1179

    Non-Privilege User Can Create New Rule and Lead to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4....

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2022-1178

    Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4....

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-1177

    Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0....

    Affected Products : openemr
    • Published: Mar. 30, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-1176

    Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96....

    Affected Products : live_helper_chat livehelperchat
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024
  • 8.7

    HIGH
    CVE-2022-1175

    Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes....

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024