Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-0298

    Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0297

    Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0296

    Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0295

    Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0294

    Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0293

    Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0292

    Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0291

    Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2022-0290

    Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0289

    Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0288

    The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting... Read more

    Affected Products : ad_inserter ad_inserter_pro
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0287

    The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog... Read more

    Affected Products : mycred
    • Published: Apr. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0286

    A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.... Read more

    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024

  • 6.6

    MEDIUM
    CVE-2022-0285

    Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.... Read more

    Affected Products : pimcore
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0284

    A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file... Read more

    Affected Products : imagemagick
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0283

    An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the request to the attacker specified URL.... Read more

    Affected Products : gitlab
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0282

    Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. ... Read more

    Affected Products : microweber cockpit
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0281

    Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0280

    A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being del... Read more

    Affected Products : windows total_protection
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-0279

    The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users... Read more

    Affected Products : anycomment
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294264 Results