Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.7

    MEDIUM
    CVE-2023-1206

    A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usa...

    Affected Products : linux_kernel enterprise_linux fedora
    • Published: Jun. 30, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2023-0989

    An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with ...

    Affected Products : gitlab
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-43937

    Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a...

    Affected Products : brocade_sannav
    • Published: Nov. 21, 2024
    • Modified: Feb. 04, 2025
  • 5.7

    MEDIUM
    CVE-2022-40177

    A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (...

    • Published: Oct. 11, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-3027

    The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSI...

    Affected Products : cms8000_firmware cms8000
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-54513

    A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data....

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Dec. 12, 2024
    • Modified: Dec. 13, 2024
  • 5.7

    MEDIUM
    CVE-2022-39318

    FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed...

    Affected Products : fedora freerdp
    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-39347

    FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared dir...

    Affected Products : fedora freerdp
    • Published: Nov. 16, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-36859

    Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices....

    Affected Products : smarttagplugin
    • Published: Sep. 09, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-34575

    An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml....

    Affected Products : wifi-repeater_firmware
    • Published: Jul. 25, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-31096

    Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of...

    Affected Products : discourse
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2024-53244

    In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a...

    Affected Products : splunk splunk_cloud_platform
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024
  • 5.7

    MEDIUM
    CVE-2022-30625

    Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the direct...

    Affected Products : p5e_gnss_firmware p5e_gnss
    • Published: Jul. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-27774

    An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other...

    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-27481

    A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not pr...

    • Published: Apr. 12, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-27152

    Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification....

    • Published: Apr. 08, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-22284

    Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication...

    Affected Products : internet
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-21979

    Microsoft Exchange Server Information Disclosure Vulnerability...

    Affected Products : exchange_server
    • Published: Aug. 09, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-21609

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with...

    Affected Products : business_intelligence
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024
  • 5.7

    MEDIUM
    CVE-2022-0963

    Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12....

    Affected Products : microweber cockpit
    • Published: Mar. 15, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294758 Results