Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.1

    CRITICAL
    CVE-2022-0249

    A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked....

    Affected Products : gitlab
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0248

    The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting a...

    Affected Products : contact_form_submissions
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0247

    An issue exists in Fuchsia where VMO data can be modified through access to copy-on-write snapshots. A local attacker could modify objects in the VMO that they do not have permission to. We recommend upgrading past commit d97c05d2301799ed585620a9c5c739d36...

    Affected Products : fuchsia
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024
  • 4.9

    MEDIUM
    CVE-2022-0246

    The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files ...

    Affected Products : iq_block_country
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-0245

    Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0....

    Affected Products : live_helper_chat livehelperchat
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
  • 8.6

    HIGH
    CVE-2022-0244

    An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group due to incorrect handling of file....

    Affected Products : gitlab
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
  • 7.4

    HIGH
    CVE-2022-0243

    Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2....

    Affected Products : orchardcore
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2022-0242

    Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0....

    Affected Products : crater
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0240

    mruby is vulnerable to NULL Pointer Dereference...

    Affected Products : mruby
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2022-0239

    corenlp is vulnerable to Improper Restriction of XML External Entity Reference...

    Affected Products : corenlp
    • Published: Jan. 17, 2022
    • Modified: Nov. 21, 2024
  • 4.5

    MEDIUM
    CVE-2022-0238

    phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)...

    Affected Products : fedora phoronix_test_suite
    • Published: Jan. 16, 2022
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2022-0237

    Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in...

    Affected Products : insight_agent
    • Published: Mar. 17, 2022
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2022-0236

    The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-w...

    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2022-0235

    node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor...

    Affected Products : debian_linux sinec_ins node-fetch
    • Published: Jan. 16, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0234

    The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the resp...

    Affected Products : woocs
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2022-0233

    The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-a...

    Affected Products : profilegrid
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2022-0232

    The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with admin...

    Affected Products : leadmagic
    • Published: Jan. 18, 2022
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2022-0231

    livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)...

    Affected Products : live_helper_chat livehelperchat
    • Published: Jan. 14, 2022
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2022-0230

    The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admin...

    Affected Products : bwp-google-xml-sitemaps
    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2022-0229

    The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could ...

    Affected Products : google_authenticator
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024