Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-3462

    The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ... Read more

    Affected Products : highlight_focus
    • EPSS Score: %0.16
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2022-3451

    The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary opt... Read more

    Affected Products : product_stock_manager
    • EPSS Score: %0.07
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 7.2

    HIGH
    CVE-2022-3418

    The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files... Read more

    • EPSS Score: %0.44
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 7.5

    HIGH
    CVE-2022-37866

    When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain ... Read more

    Affected Products : ivy
    • EPSS Score: %0.60
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2023-5346

    Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more

    Affected Products : fedora chrome edge_chromium
    • EPSS Score: %0.59
    • Published: Oct. 05, 2023
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2023-5175

    During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.... Read more

    Affected Products : firefox
    • EPSS Score: %0.38
    • Published: Sep. 27, 2023
    • Modified: May. 01, 2025

  • 7.8

    HIGH
    CVE-2023-28210

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.... Read more

    Affected Products : macos
    • EPSS Score: %0.08
    • Published: Sep. 06, 2023
    • Modified: May. 01, 2025

  • 6.7

    MEDIUM
    CVE-2023-21244

    In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploita... Read more

    Affected Products : android
    • EPSS Score: %0.01
    • Published: Oct. 06, 2023
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2022-3819

    An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.06
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2022-3818

    An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the G... Read more

    Affected Products : gitlab
    • EPSS Score: %0.07
    • Published: Nov. 10, 2022
    • Modified: May. 01, 2025

  • 8.0

    HIGH
    CVE-2022-3558

    The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files.... Read more

    • EPSS Score: %0.35
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2022-3537

    The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP... Read more

    • EPSS Score: %0.17
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2022-3536

    The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserializati... Read more

    • EPSS Score: %0.13
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 8.8

    HIGH
    CVE-2022-3494

    The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a ... Read more

    Affected Products : complianz
    • EPSS Score: %0.41
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 5.3

    MEDIUM
    CVE-2022-3489

    The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request... Read more

    Affected Products : wp_hide
    • EPSS Score: %0.11
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-3486

    An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.29
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 9.8

    CRITICAL
    CVE-2022-3481

    The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : woocommerce_dropshipping
    • EPSS Score: %1.09
    • Published: Nov. 07, 2022
    • Modified: May. 01, 2025

  • 6.1

    MEDIUM
    CVE-2022-3280

    An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.12
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 7.3

    HIGH
    CVE-2022-3265

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a ... Read more

    Affected Products : gitlab
    • EPSS Score: %52.85
    • Published: Nov. 09, 2022
    • Modified: May. 01, 2025

  • 6.7

    MEDIUM
    CVE-2022-32611

    In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALP... Read more

    Affected Products : android mt6879 mt6895 mt6983
    • EPSS Score: %0.03
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025
Showing 20 of 291058 Results