Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2022-0096

    Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Feb. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0093

    An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds.... Read more

    Affected Products : gitlab
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0090

    An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user ... Read more

    Affected Products : gitlab
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2022-0088

    Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.... Read more

    Affected Products : yourls
    • Published: Apr. 03, 2022
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2022-0087

    keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more

    Affected Products : keystone
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-0086

    uppy is vulnerable to Server-Side Request Forgery (SSRF)... Read more

    Affected Products : uppy uppy
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-0085

    Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.... Read more

    Affected Products : dompdf
    • Published: Jun. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-0084

    A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related ... Read more

    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2022-0083

    livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Jan. 04, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-0079

    showdoc is vulnerable to Generation of Error Message Containing Sensitive Information... Read more

    Affected Products : showdoc
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0074

    Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1. ... Read more

    Affected Products : openlitespeed
    • Published: Oct. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0073

    Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1. ... Read more

    Affected Products : openlitespeed
    • Published: Oct. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2022-0072

    Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1... Read more

    Affected Products : openlitespeed
    • Published: Oct. 27, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0071

    Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host, modify devices, or make sys... Read more

    Affected Products : hotdog
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0070

    Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.... Read more

    Affected Products : linux_kernel log4jhotpatch
    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2022-0031

    A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system allows a local attacker with shell access to the engine to execute programs with elevated privileges.... Read more

    Affected Products : linux_kernel cortex_xsoar
    • Published: Nov. 09, 2022
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2022-0030

    An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform priv... Read more

    Affected Products : pan-os prisma_access
    • Published: Oct. 12, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0029

    An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.... Read more

    Affected Products : cortex_xdr_agent windows
    • Published: Sep. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0027

    An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, includin... Read more

    Affected Products : cortex_xsoar
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2022-0026

    A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with e... Read more

    Affected Products : cortex_xdr_agent windows
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294182 Results