Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2022-0619

    The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : database_peek
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0618

    A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame wher... Read more

    Affected Products : swiftnio_http\/2
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-0617

    A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0616

    The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack... Read more

    Affected Products : amelia
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-0615

    Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system.... Read more

    Affected Products : endpoint_antivirus server_security
    • Published: Feb. 25, 2022
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2022-0614

    Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.... Read more

    Affected Products : mruby
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-0613

    Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.... Read more

    Affected Products : fedora uri.js urijs
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2022-0612

    Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.... Read more

    Affected Products : live_helper_chat livehelperchat
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0611

    Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. ... Read more

    Affected Products : snipe-it
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0610

    Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0608

    Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0607

    Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0606

    Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0605

    Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafte... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0604

    Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-0603

    Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome chrome_os edge_chromium
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2022-0602

    Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.... Read more

    Affected Products : tastyigniter
    • Published: Apr. 05, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0601

    The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    • Published: Mar. 14, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0600

    The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    Affected Products : conference_scheduler
    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-0599

    The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.... Read more

    • Published: Mar. 28, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294796 Results