Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-0796

    Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0795

    Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0794

    Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0793

    Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0792

    Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0791

    Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions.... Read more

    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-0790

    Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0789

    Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0787

    The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections... Read more

    Affected Products : limit_login_attempts
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0786

    The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users... Read more

    Affected Products : kivicare
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0785

    The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to unauthenticated users), leading to an unauthenticated SQL ... Read more

    Affected Products : daily_prayer_time
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0784

    The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection... Read more

    Affected Products : title_experiments_free
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0783

    The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL in... Read more

    • Published: May. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0782

    The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_function AJAX action (available to unauthenticated users), ... Read more

    Affected Products : donations
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0781

    The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection... Read more

    Affected Products : nirweb_support
    • Published: May. 23, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0780

    The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitis... Read more

    Affected Products : searchiq
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0779

    The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payl... Read more

    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0778

    The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form ... Read more

    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0777

    Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.... Read more

    Affected Products : microweber cockpit
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0776

    Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.... Read more

    Affected Products : reveal.js
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294510 Results