Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-0562

    Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is a... Read more

    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0561

    Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fi... Read more

    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0560

    Open Redirect in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0559

    Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.... Read more

    Affected Products : fedora radare2
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0558

    Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2022-0557

    OS Command Injection in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0556

    A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.... Read more

    Affected Products : zyxel_ap_configurator
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2022-0554

    Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.... Read more

    Affected Products : fedora debian_linux vim macos
    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0553

    There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.... Read more

    Affected Products : zephyr
    • Published: Jan. 11, 2023
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2022-0552

    A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content... Read more

    Affected Products : origin-aggregated-logging
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2022-0551

    Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This i... Read more

    Affected Products : cmc guardian
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2022-0550

    Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges.... Read more

    Affected Products : cmc guardian
    • Published: Mar. 24, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0549

    An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add ... Read more

    Affected Products : gitlab
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0546

    A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.... Read more

    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0545

    An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process... Read more

    Affected Products : debian_linux blender
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0544

    An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.... Read more

    Affected Products : debian_linux blender
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0542

    Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0.... Read more

    Affected Products : chatwoot
    • Published: Aug. 19, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0541

    The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.... Read more

    Affected Products : flo-launch
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0540

    A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.2... Read more

    • Published: Apr. 20, 2022
    • Modified: Nov. 21, 2024

  • 6.3

    MEDIUM
    CVE-2022-0539

    Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14.... Read more

    Affected Products : beanstalk_console
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294421 Results