Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-0510

    Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.... Read more

    Affected Products : pimcore
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024

  • 6.6

    MEDIUM
    CVE-2022-0509

    Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1.... Read more

    Affected Products : pimcore
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0508

    Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832... Read more

    Affected Products : peertube
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0507

    Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.... Read more

    Affected Products : pandora_fms
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2022-0506

    Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0505

    Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0504

    Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 08, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0503

    The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard... Read more

    Affected Products : multisite_content_copier\/updater
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0502

    Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Feb. 06, 2022
    • Modified: Nov. 21, 2024

  • 8.6

    HIGH
    CVE-2022-0501

    Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12.... Read more

    Affected Products : beanstalk_console
    • Published: Feb. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0500

    A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on t... Read more

    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0499

    The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones.... Read more

    Affected Products : sermon_browser
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0497

    A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.... Read more

    Affected Products : openscad
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0496

    A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().... Read more

    Affected Products : openscad
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0495

    The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.... Read more

    Affected Products : koha_library_automation
    • Published: Sep. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2022-0494

    A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiali... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Mar. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2022-0493

    The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a fla... Read more

    Affected Products : string_locator
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0492

    A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the name... Read more

    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 5.7

    MEDIUM
    CVE-2022-0489

    An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments.... Read more

    Affected Products : gitlab
    • Published: Apr. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0488

    An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes.... Read more

    Affected Products : gitlab
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294454 Results