Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2022-23824

    IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.... Read more

    • Published: Nov. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23615

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming... Read more

    Affected Products : xwiki
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-35218

    The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service.... Read more

    • Published: Aug. 02, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23456

    Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.... Read more

    Affected Products : support_assistant
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23319

    A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the software and dependent downstream components.... Read more

    Affected Products : pcf2bdf
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23195

    Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL... Read more

    Affected Products : macos windows illustrator
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23189

    Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of ... Read more

    Affected Products : macos windows illustrator
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23197

    Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL... Read more

    Affected Products : macos windows illustrator
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23055

    In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the admi... Read more

    Affected Products : frappe erpnext
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23193

    Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL... Read more

    Affected Products : macos windows illustrator
    • Published: Feb. 16, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23034

    A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any... Read more

    Affected Products : fedora debian_linux xen
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-23008

    On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX... Read more

    Affected Products : nginx_controller_api_management
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22901

    There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.... Read more

    Affected Products : jerryscript
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22892

    There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_i... Read more

    Affected Products : jerryscript
    • Published: Jan. 21, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22820

    Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4.... Read more

    Affected Products : line
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22890

    There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0.... Read more

    Affected Products : jerryscript
    • Published: Jan. 20, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22716

    Microsoft Excel Information Disclosure Vulnerability... Read more

    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22668

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.... Read more

    Affected Products : macos iphone_os ipados
    • Published: Feb. 27, 2023
    • Modified: Mar. 12, 2025

  • 5.5

    MEDIUM
    CVE-2022-22663

    This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper che... Read more

    Affected Products : macos mac_os_x iphone_os ipados
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22644

    A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user's contacts.... Read more

    Affected Products : macos
    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293339 Results