Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2022-1237

    Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/12... Read more

    Affected Products : radare2
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1236

    Weak Password Requirements in GitHub repository weseek/growi prior to v5.0.0.... Read more

    Affected Products : growi
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2022-1235

    Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1234

    XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise o... Read more

    Affected Products : live_helper_chat
    • Published: Apr. 06, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1233

    URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.... Read more

    Affected Products : uri.js urijs
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1232

    Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-1231

    XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code... Read more

    Affected Products : fedora plantuml
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2022-1230

    This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit... Read more

    Affected Products : galaxy_s21_firmware galaxy_s21
    • Published: Mar. 28, 2023
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-1229

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a... Read more

    Affected Products : microstation_connect
    • Published: Mar. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2022-1228

    The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : opeansea
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-1227

    A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command... Read more

    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1225

    Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.... Read more

    Affected Products : phpipam
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1224

    Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.... Read more

    Affected Products : phpipam
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-1223

    Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. ... Read more

    Affected Products : phpipam
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-1222

    Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.... Read more

    Affected Products : gpac
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1221

    The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : gwyn\'s_imagemap_selector
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1220

    The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : foxyshop
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-1219

    SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data... Read more

    Affected Products : pimcore
    • Published: Apr. 08, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1218

    The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : domain_replace
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-1217

    The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.... Read more

    Affected Products : custom_tinymce_shortcode_button
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294755 Results